[
https://issues.apache.org/jira/browse/AXIS2-5683?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andreas Veithen updated AXIS2-5683:
-----------------------------------
Labels: security (was: )
> BUG - Improper Neutralization of Script-Related HTML Tags in a Web Page
> (Basic XSS) - ListingAgent.java
> -------------------------------------------------------------------------------------------------------
>
> Key: AXIS2-5683
> URL: https://issues.apache.org/jira/browse/AXIS2-5683
> Project: Axis2
> Issue Type: Bug
> Components: transports
> Affects Versions: 1.5.6, 1.6.2, 1.7.1
> Reporter: David Camilo Espitia Manrique
> Labels: security
> Original Estimate: 120h
> Remaining Estimate: 120h
>
> We are currently using "axis2-transport-http-1.5.6" and the Veracode analysis
> found a bug in this class:
> 1. ListingAgent.java (Version 1.5.6 in lines 256 and 292) and (Version
> 1.6.2 in lines 252 and 288)
> Type: Improper Neutralization of Script-Related HTML Tags in a Web Page
> (Basic XSS)
> Description:
> This call contains a cross-site scripting (XSS) flaw. The application
> populates the HTTP response with user-supplied
> input, allowing an attacker to embed malicious content, such as JavaScript
> code, which will be executed in the context
> of the victim's browser. XSS vulnerabilities are commonly exploited to steal
> or manipulate cookies, modify presentation
> of content, and compromise confidential information, with new attack vectors
> being discovered on a regular basis.
> Is this a false positive?
> Thanks.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)