You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@openmeetings.apache.org by "Panimozhi Jothi (Jira)" <ji...@apache.org> on 2021/09/07 13:05:00 UTC
[jira] [Created] (OPENMEETINGS-2663) XSS Cross Site Scripting
Panimozhi Jothi created OPENMEETINGS-2663:
---------------------------------------------
Summary: XSS Cross Site Scripting
Key: OPENMEETINGS-2663
URL: https://issues.apache.org/jira/browse/OPENMEETINGS-2663
Project: Openmeetings
Issue Type: Bug
Affects Versions: 6.1.0
Environment: QA
Reporter: Panimozhi Jothi
Assignee: Maxim Solodovnik
We performed a vulnerability scan on the Openmeetings app and found the "Cross-Site Scripting: Reflected" issue. On checking we also [found |https://www.zaproxy.org/docs/alerts/40012/]that Apache Wicket is handled with these vulnerability.
Any idea why it's reported, can you confirm is VA scan performed on Openmeetings?
Sample URLS:
https://demo-openmeetings.apache.org/openmeetings/42182
https://demo-openmeetings.apache.org/openmeetings/error/24168
https://demo-openmeetings.apache.org/openmeetings/hash/75168
[https://demo-openmeetings.apache.org/openmeetings/signin/75133]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)