Vulnerabilities should not be exposed on public mailing lists without giving a project the chance to patch vulnerable released versions. Please report such vulnerabilities to [email protected] or [email protected].
http://www.apache.org/security/#reporting-a-vulnerability

thanks
— Hitesh

On Apr 5, 2016, at 1:31 PM, Keta Patel <[email protected]> wrote:

> Hello all,
> I recently encountered a couple of APIs which were vulnerable to cross-site
> script attacks through parameters like "description" or "name". These
> parameters are passed in directly to server-side code and stored in the
> database. The UI validation at present only checks for the length of the
> input text. There needs to be a more robust server-side validation to
> handle XSS attacks.
>
> Could somebody please help me by pointing out if there is an existing way
> to handle this vulnerability or whether it must be handled from scratch.
>
> Thanks in advance!
> Keta
