WORKTERRAProject Type: software

WORKTERRA

Uploaded image for project: 'WORKTERRA'
  1. WORKTERRA
  2. WT-10522

[Security] [ZAP-Active Scan Alert] Cross Site Scripting attack reflected on Forgot Password Page.

    Details

    • Type: Bug
    • Status: Open
    • Priority: High
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None
    • Environment:
      Stage
    • Bug Type:
      Functional
    • Bug Severity:
      Medium
    • Level:
      Admin, Candidate, Employee, Partner
    • Module:
      Platform - Security
    • Reported by:
      Harbinger
    • Item State:
      Development - On Hold
    • Issue Importance:
      Must Have

      Description

      [Security] [ZAP-Active Scan Alert] Cross Site Scripting attack reflected on Forgot Password Page.

      This alert is reflected for following URL and
      URL : https://stage.workterra.net/Platform/Login/ForgotPassword
      Method: POST
      Parameter : SecretQuestionSecond
      Attack : " onMouseOver="alert(1);
      Evidence : " onMouseOver="alert(1);

      URL : https://stage.workterra.net/Platform/Login/ForgotPassword
      Method : POST
      Parameter : SecretQuestion
      Attack : " onMouseOver="alert(1);
      Evidence : " onMouseOver="alert(1);

      Testing is done on stage however issue might be present on production too.
      Please refer attached HTML report - point no 1 for more details.

      CC : Rakesh RoyHrishikesh DeshpandeSachin HingoleSamirVijayendra ShindeVijay SiddhaBharti SatputeGaurav SodaniNidhi Kaul

        Attachments

          Issue Links

          relates to

          Task - A task that needs to be done. NF-2714 Vulnerability Assessment and Penetration Testing for Workterra on Azure US environment.

          • Medium - Has the potential to affect progress.
          • To Do

            Activity

            Hide
            Permalink
            santosh.balid Santosh Balid (Inactive) added a comment -

            Please plan it in future sprints.

            Cc : Satya, Jaideep Vinchurkar, Bharti Satpute

            Show
            santosh.balid Santosh Balid (Inactive) added a comment - Please plan it in future sprints. Cc : Satya , Jaideep Vinchurkar , Bharti Satpute

              People

              Assignee:
              vijayendra Vijayendra Shinde (Inactive)
              Reporter:
              prasadp Prasad Pise (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:

                  Time Tracking

                  Estimated:
                  Original Estimate - 2h
                  2h
                  Remaining:
                  Remaining Estimate - 2h
                  2h
                  Logged:
                  Time Spent - Not Specified
                  Not Specified