09-05-2024, 10:50 AM
Hello.
I have recently had a security scan done on a site I am working on and it is reported that JavaScript can be injected into the page (XSS) as shown below. I am using IW 15.2.23 at the moment and wonder if there is something I can do to prevent it.
URL: https://dummydomain.com/
Method: POST
Parameter: IW_SessionID_
Attack: '"<scrIpt>alert(1);</scRipt>
Evidence: '"<scrIpt>alert(1);</scRipt>
URL: https://dummydomain.com/$/callback?c...syncChange
Method: POST
Parameter: IW_SessionID_
Attack: '"<scrIpt>alert(1);</scRipt>
Evidence: '"<scrIpt>alert(1);</scRipt>
Not entirely sure how to test for this on the local SA application so that I can check it has been fixed.
Any advice would be appreciated. XSS is not something I have much experience with.
David.
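
One way to re-run the scanner's check against a local instance and see whether the marker is still echoed back unescaped (an added example, not part of the original post and not IntraWeb code). The function names, the three-way result and the URL passed on the command line are assumptions; the payload and parameter name are the ones in the scan report above.

```python
import html
import sys
import urllib.error
import urllib.parse
import urllib.request

# Marker string and parameter copied from the scan report in the post.
PAYLOAD = "'\"<scrIpt>alert(1);</scRipt>"
PARAM = "IW_SessionID_"


def build_probe(url, param=PARAM, payload=PAYLOAD):
    """Build (without sending) the form POST the scan report describes."""
    body = urllib.parse.urlencode({param: payload}).encode("ascii")
    return urllib.request.Request(
        url, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})


def classify_reflection(response_body, payload=PAYLOAD):
    """Return 'raw', 'encoded' or 'absent' for the marker in a response body."""
    if payload in response_body:
        return "raw"  # echoed byte-for-byte: the scanner would still flag it
    # Accept either escaping style: quotes escaped too, or only < > &.
    escaped = {html.escape(payload, quote=True), html.escape(payload, quote=False)}
    if any(form in response_body for form in escaped):
        return "encoded"  # reflected, but HTML-escaped
    return "absent"


def check(url, timeout=10):
    """POST the marker to your own instance and classify the response."""
    try:
        with urllib.request.urlopen(build_probe(url), timeout=timeout) as resp:
            raw, charset = resp.read(), resp.headers.get_content_charset()
    except urllib.error.HTTPError as err:  # error pages can reflect input too
        raw, charset = err.read(), err.headers.get_content_charset()
    return classify_reflection(raw.decode(charset or "utf-8", errors="replace"))


if __name__ == "__main__":
    if len(sys.argv) == 2:  # URL of your own local test instance
        print(check(sys.argv[1]))
    else:  # offline demo on constructed response bodies
        for body in ('<input value="' + PAYLOAD + '">',
                     "<p>" + html.escape(PAYLOAD) + "</p>"):
            print(classify_reflection(body))
```

A result of `raw` before a change and `encoded` or `absent` after it is the evidence the re-scan will look for; run it against both URLs listed in the report, since each was flagged separately.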