- Type: Bug
- Status: Open
- Priority: High
- Resolution: Unresolved
- Affects Version/s: None
- Fix Version/s: None
- Component/s: None
- Labels: None
- Environment: Stage
- Bug Type: Functional
- Bug Severity: Medium
- Level: Admin, Candidate, Employee, Partner
- Module: Platform - Security
- Reported by: Harbinger
- Item State: Development - On Hold
- Issue Importance: Must Have
[Security] [ZAP-Active Scan Alert] Cross Site Scripting attack reflected on Forgot Password Page.
This alert is reflected for the following URL and

URL: https://stage.workterra.net/Platform/Login/ForgotPassword
Method: POST
Parameter: SecretQuestionSecond
Attack: " onMouseOver="alert(1);
Evidence: " onMouseOver="alert(1);

URL: https://stage.workterra.net/Platform/Login/ForgotPassword
Method: POST
Parameter: SecretQuestion
Attack: " onMouseOver="alert(1);
Evidence: " onMouseOver="alert(1);

Testing is done on stage; however, the issue might be present on production too.
Please refer to the attached HTML report, point no. 1, for more details.
CC: Rakesh Roy, Hrishikesh Deshpande, Sachin Hingole, Samir, Vijayendra Shinde, Vijay Siddha, Bharti Satpute, Gaurav Sodani, Nidhi Kaul
- relates to
- NF-2714 Vulnerability Assessment and Penetration Testing for Workterra on Azure US environment.
- To Do
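
A regression check for the fix, added here as an example; it is not code from the ticket or from Workterra. It assumes the two posted values are reflected into a quoted `value` attribute of an `<input>` (which the payload shape suggests, but the ticket does not show the template), and the function names and markup are hypothetical. It shows the payload creating an extra event-handler attribute when reflected raw, and staying inside `value` once it is HTML-attribute-encoded.

```python
from html import escape
from html.parser import HTMLParser

# Parameter names and payload come from the ticket; the markup below is assumed.
PARAMETERS = ("SecretQuestion", "SecretQuestionSecond")
ZAP_PAYLOAD = '" onMouseOver="alert(1);'
EXPECTED_ATTRS = {"type", "name", "value"}

def render_unsafe(name, value):
    """Hypothetical vulnerable rendering: the posted value is concatenated raw."""
    return '<input type="text" name="%s" value="%s">' % (name, value)

def render_encoded(name, value):
    """Same field with the value HTML-attribute-encoded before output."""
    return '<input type="text" name="%s" value="%s">' % (
        name, escape(value, quote=True))

class _InputAttrs(HTMLParser):
    """Collects the attributes of the first <input> element it sees."""

    def __init__(self):
        super().__init__()
        self.attrs = None

    def handle_starttag(self, tag, attrs):
        if tag == "input" and self.attrs is None:
            self.attrs = dict(attrs)  # attribute names arrive lower-cased

def parse_input(markup):
    """Return the attributes of the rendered field as the parser sees them."""
    parser = _InputAttrs()
    parser.feed(markup)
    parser.close()
    return parser.attrs or {}

def injected_attributes(markup):
    """Attribute names the template never declared, e.g. an event handler."""
    return sorted(set(parse_input(markup)) - EXPECTED_ATTRS)

def check(render):
    """Map each ticket parameter to the unexpected attributes the payload creates."""
    return {p: injected_attributes(render(p, ZAP_PAYLOAD)) for p in PARAMETERS}

if __name__ == "__main__":
    print("unsafe :", check(render_unsafe))
    print("encoded:", check(render_encoded))
```

The same assertion can be pointed at the real response body after the fix: the field should parse with only its declared attributes, and its `value` should equal the submitted string.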