[WT-10522] [Security] [ZAP-Active Scan Alert] Cross Site Scripting attack reflected on Forgot Password Page. - Workterra Jira

XML

Word

Printable

Details

Type: Bug
Status: Open
Priority: High
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: None
Component/s: None
Labels:
None

Environment:

Stage
Bug Type:
Functional
Bug Severity:
Medium
Level:

Admin, Candidate, Employee, Partner
Module:
Platform - Security
Reported by:
Harbinger
Item State:
Development - On Hold
Issue Importance:
Must Have

Description

[Security] [ZAP-Active Scan Alert] Cross Site Scripting attack reflected on Forgot Password Page.

This alert is reflected for following URL and
URL : https://stage.workterra.net/Platform/Login/ForgotPassword
Method: POST
Parameter : SecretQuestionSecond
Attack : " onMouseOver="alert(1);
Evidence : " onMouseOver="alert(1);

URL : https://stage.workterra.net/Platform/Login/ForgotPassword
Method : POST
Parameter : SecretQuestion
Attack : " onMouseOver="alert(1);
Evidence : " onMouseOver="alert(1);

Testing is done on stage however issue might be present on production too.
Please refer attached HTML report - point no 1 for more details.

CC : Rakesh Roy Hrishikesh Deshpande Sachin Hingole Samir Vijayendra Shinde Vijay Siddha Bharti Satpute Gaurav Sodani Nidhi Kaul

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

Employee_ActiveScan_Stage_9Aug2017.html
24 kB
09/Aug/17 11:10 AM

Issue Links

relates to

NF-2714 Vulnerability Assessment and Penetration Testing for Workterra on Azure US environment.

To Do

Activity

People

Assignee:: Vijayendra Shinde (Inactive)

Reporter:: Prasad Pise (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 09/Aug/17 11:14 AM

Updated:: 15/Dec/20 02:53 AM

Time Tracking

Estimated:

2h

Remaining:

2h

Logged:

Not Specified