Posted to commits@openmeetings.apache.org by "Panimozhi Jothi (Jira)" <ji...@apache.org> on 2021/09/07 13:05:00 UTC

[jira] [Created] (OPENMEETINGS-2663) XSS Cross Site Scripting

Panimozhi Jothi created OPENMEETINGS-2663:
---------------------------------------------

             Summary: XSS Cross Site Scripting 
                 Key: OPENMEETINGS-2663
                 URL: https://issues.apache.org/jira/browse/OPENMEETINGS-2663
             Project: Openmeetings
          Issue Type: Bug
    Affects Versions: 6.1.0
         Environment: QA
            Reporter: Panimozhi Jothi
            Assignee: Maxim Solodovnik


We performed a vulnerability scan on the Openmeetings app and found the "Cross-Site Scripting: Reflected" issue. On checking we also [found|https://www.zaproxy.org/docs/alerts/40012/] that Apache Wicket is handled with this vulnerability.

Any idea why it's reported? Can you confirm whether a VA scan is performed on Openmeetings?

 

Sample URLs:

https://demo-openmeetings.apache.org/openmeetings/42182
https://demo-openmeetings.apache.org/openmeetings/error/24168
https://demo-openmeetings.apache.org/openmeetings/hash/75168
https://demo-openmeetings.apache.org/openmeetings/signin/75133

 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)