On Feb 18, 2009, at 4:25 AM, euronymous wrote:
David E Jones-3 wrote:
2. security vulnerability tests: now we want to hit the public facing
(ecommerce, cmssite, etc) apps and the back-end apps to check as many
vulnerabilities as we can
In reply to your find-bug-campaign:
https://issues.apache.org/jira/browse/OFBIZ-1959
See my latest comment. A reflected XSS in latest trunk (partymgr -->
viewprofile --> partyId).
Let me know, David
I'll try to look at that in the next day or two. It is probably a
place that doesn't use the common tools and so gets around these
somehow...
-David