[jira] [Created] (OPENMEETINGS-2663) XSS Cross Site Scripting

Panimozhi Jothi (Jira) Tue, 07 Sep 2021 06:05:05 -0700

Panimozhi Jothi created OPENMEETINGS-2663:
---------------------------------------------


             Summary: XSS Cross Site Scripting 
                 Key: OPENMEETINGS-2663
                 URL: https://issues.apache.org/jira/browse/OPENMEETINGS-2663
             Project: Openmeetings
          Issue Type: Bug
    Affects Versions: 6.1.0
         Environment: QA
            Reporter: Panimozhi Jothi
            Assignee: Maxim Solodovnik


We performed a vulnerability scan on the Openmeetings app and found the 
"Cross-Site Scripting: Reflected" issue. On checking we also [found 
|https://www.zaproxy.org/docs/alerts/40012/]that Apache Wicket is handled with 
these vulnerability. 

 

Any idea why it's reported, can you confirm is VA scan performed on 
Openmeetings?

 

Sample URLS:

https://demo-openmeetings.apache.org/openmeetings/42182
https://demo-openmeetings.apache.org/openmeetings/error/24168
https://demo-openmeetings.apache.org/openmeetings/hash/75168
[https://demo-openmeetings.apache.org/openmeetings/signin/75133]

 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Created] (OPENMEETINGS-2663) XSS Cross Site Scripting

Reply via email to