[ https://issues.apache.org/jira/browse/STORM-408?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14098663#comment-14098663 ]

Anand Krishnan edited comment on STORM-408 at 8/15/14 3:31 PM:
---------------------------------------------------------------

We are seeing the problem exists in the Firefox browser, but appears to be 
suppressed in the Chrome browser.

Additionally, we are currently using Storm version 0.9.0.1, which does not use 
the mustache.js templates. We will explore upgrading to solve this problem. 
Thanks.


was (Author: akrishnan4doittnyc):
We are seeing the problem exists in the Firefox browser, but appears to be 
suppressed in the Chrome browser.

> Cross-Site Scripting security vulnerability
> -------------------------------------------
>
>                 Key: STORM-408
>                 URL: https://issues.apache.org/jira/browse/STORM-408
>             Project: Apache Storm (Incubating)
>          Issue Type: Bug
>    Affects Versions: 0.9.3-incubating
>         Environment: Java
>            Reporter: Anand Krishnan
>              Labels: security
>             Fix For: 0.9.3-incubating, feature-security
>
>
> There are Cross-Site Scripting security vulnerabilities in Apache Storm.
> The risk is that it is possible to steal or manipulate customer session and 
> cookies, which might be used to impersonate a legitimate user, allowing the 
> hacker to view or alter user records, and to perform transactions as that 
> user.
> The reason is that sanitation of hazardous characters was not performed 
> correctly on user input.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
