Anand Krishnan created STORM-408:
------------------------------------
Summary: Cross-Site Scripting security vulnerability
Key: STORM-408
URL: https://issues.apache.org/jira/browse/STORM-408
Project: Apache Storm (Incubating)
Issue Type: Bug
Affects Versions: 0.9.3-incubating
Environment: Java
Reporter: Anand Krishnan
Fix For: 0.9.3-incubating, feature-security

There are Cross-Site Scripting security vulnerabilities in Apache Storm.

The risk is that it is possible to steal or manipulate customer session and
cookies, which might be used to impersonate a legitimate user, allowing the
hacker to view or alter user records, and to perform transactions as that user.

The reason is that sanitization of hazardous characters was not performed
correctly on user input.