Hi,
1) A third-party company that is reviewing a website we developed reported some security issues that they are requiring us to address. One of these security issues is the problem described:
If the IW application can be reached on "http://127.0.0.1:88/$/", and we put the URL "http://127.0.0.1:88/" followed by the string "StartCheck?<svg/onload=alert(1)>" (http://127.0.0.1:88/$/StartCheck?<svg/onload=alert(1)>), a pop-up appears. This means that a user can put HTML/JavaScript code in the URL and execute this code. They have identified this problem as Reflected Cross-site Scripting (XSS).
2) I'm saying that in our IW application an alert can be run; I don't know if it can be run in other IW applications.