  1. WORKTERRA
  2. WT-4633

[Security Test] Server-side validations are missing on the First name and Last name fields on the Add Child and Add Spouse pages. An error gets displayed when adding a script after bypassing the client-side validation.

    Details

    • Type: Bug
    • Status: Open
    • Priority: Medium
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
    • Environment:
      Production
    • Bug Severity:
      Low
    • Module:
      BenAdmin - Security
    • Reported by:
      Harbinger

      Description

      [Security Test]

      {Cross Site Scripting}


      Server-side validations are missing on the First name and Last name fields on the Add Child and Add Spouse pages.

      An error gets displayed when adding a script after bypassing the client-side validation.

      Test Environment: Production - VM 208...
      Tool Used: Tamper Data

      A malicious user can enter any script through the application to generate server errors.

          Activity

          prasadp Prasad Pise (Inactive) created issue -
          rakeshr Rakesh Roy (Inactive) made changes -
          Field Original Value New Value
          Module Parent values: BenAdmin(10100) Parent values: BenAdmin(10100)Level 1 values: Security(10112)
          prasadp Prasad Pise (Inactive) made changes -
          Severity Medium [ 13102 ]
          prasadp Prasad Pise (Inactive) made changes -
          Issue Category EBS [ 10350 ] Harbinger [ 10700 ]
          Jennifer.Reed Jennifer Reed (Inactive) made changes -
          Issue Category Harbinger [ 10700 ] Data Audit [ 18400 ]
          Jennifer.Reed Jennifer Reed (Inactive) made changes -
          Issue Category Data Audit [ 18400 ] Harbinger [ 10700 ]
          rakeshr Rakesh Roy (Inactive) made changes -
          Bug Severity Low [ 16703 ]
          satyap Satya made changes -
          Labels Security
          satyap Satya made changes -
          Environment_New Production [ 18442 ]
          vijayendra Vijayendra Shinde (Inactive) made changes -
          Link This issue relates to DEV-13718 [ DEV-13718 ]

            People

            Assignee:
            samir Samir
            Reporter:
            prasadp Prasad Pise (Inactive)