David Camilo Espitia Manrique created AXIS2-5683:
----------------------------------------------------

             Summary: BUG - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) - ListingAgent.java
                 Key: AXIS2-5683
                 URL: https://issues.apache.org/jira/browse/AXIS2-5683
             Project: Axis2
          Issue Type: Bug
          Components: transports
    Affects Versions: 1.6.2, 1.5.6
            Reporter: David Camilo Espitia Manrique
             Fix For: 1.6.2, 1.5.6


We are currently using "axis2-transport-http-1.5.6" and the Veracode analysis found a bug in this class:

1. ListingAgent.java (version 1.5.6, lines 256 and 292; version 1.6.2, lines 252 and 288)

Type: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Description:

This call contains a cross-site scripting (XSS) flaw. The application populates the HTTP response with user-supplied input, allowing an attacker to embed malicious content, such as JavaScript code, which will be executed in the context of the victim's browser. XSS vulnerabilities are commonly exploited to steal or manipulate cookies, modify presentation of content, and compromise confidential information, with new attack vectors being discovered on a regular basis.


Is this a false positive?

Thanks.


