Hello.
I have recently had a security scan done on a site I am working on and it is reported that JavaScript can be injected into the page (XSS) as shown below. I am using IW 15.2.23 at the moment and wonder if there is something I can do to prevent it.
URL: https://dummydomain.com/
Method: POST
Parameter: IW_SessionID_
Attack: '"&tscrIpt&talert(1);&t/scRipt&t
Evidence: '"&tscrIpt&talert(1);&t/scRipt&t
URL: https://dummydomain.com/$/callback?c...syncChange
Method: POST
Parameter: IW_SessionID_
Attack: '"&tscrIpt&talert(1);&t/scRipt&t
Evidence: '"&tscrIpt&talert(1);&t/scRipt&t
Not entirely sure how to test for this on the local SA application so that I can check it has been fixed.
Any advice would be appreciated. XSS is not something I have much experience with.
David.
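
One way to check this locally before and after a fix, as an added example that is not part of the original post: it POSTs a harmless marker in `IW_SessionID_` and reports which of the characters `'"<>` come back in the response unencoded. The target URL (the address your local standalone application listens on) is supplied by you, and the function names are hypothetical.

```python
import re
import secrets
import sys
import urllib.error
import urllib.parse
import urllib.request

PARAM = "IW_SessionID_"   # parameter named in the scan report
META = "'\"<>"            # characters that must never be echoed back raw


def unescaped_chars(body, tok):
    """For each echo of tok+META+tok in body, list the META chars left raw.

    []      -> probe not reflected at all
    [""]    -> reflected once, every metacharacter encoded or stripped
    ["'<"]  -> reflected once with ' and < unencoded (still injectable)
    """
    pattern = re.escape(tok) + r"(.{0,40}?)" + re.escape(tok)
    found = []
    for match in re.finditer(pattern, body, re.S):
        found.append("".join(c for c in META if c in match.group(1)))
    return found


def check(url, extra_fields=None):
    """POST the marker to url (assumed: your local test instance)."""
    tok = "zq" + secrets.token_hex(4)          # unique, alphanumeric delimiter
    fields = dict(extra_fields or {})
    fields[PARAM] = tok + META + tok
    req = urllib.request.Request(
        url, data=urllib.parse.urlencode(fields).encode(), method="POST")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            body = resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        # Error pages can reflect input too, so inspect them as well.
        body = err.read().decode("utf-8", "replace")
    return unescaped_chars(body, tok)


if __name__ == "__main__":
    echoes = check(sys.argv[1])
    if not echoes:
        print("marker not reflected")
    for raw in echoes:
        print("reflected, raw characters:", raw or "(none, all encoded)")
```

Run it against both URLs from the report; any output listing raw characters means the parameter is still reflected without encoding.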