- Bug
- Resolution: Fixed
- Highest
- 2.5.7
- None
Apache http, Confluence 2.5.7 standalone, Windows Server 2003, JDK 1.5
The test successfully embedded a script in the response, which will be executed once the page
is loaded in the user's browser. This means that the application is vulnerable to the Cross-Site
Scripting attack.
The file 500page.jsp should escape the attributes and parameters to prevent code execution.
[3 of 5] Cross-Site Scripting
Severity: High
Test Type: Application
Vulnerable URL: http://xxx.yyy.com:8080/addpersonalspacetofavourites.action
(Parameter = key)
Remediation Tasks: Filter out hazardous characters from user input
Variant 1 of 8 [ID=574034]
The following changes were applied to the original request:
• Injected '<script>alert("Watchfire%20XSS")</script>' into parameter 'key's value
Request/Response:
GET /addpersonalspacetofavourites.action?nonBlankResult=true&key=<script>alert ("Watchfire%20XSS")</script> HTTP/1.0
Cookie: seraph.confluence=Zh\hNiQi[hZiOf]fOm\fOfUgSfZfWkYkWk; confluence.list.pages.cookie=list-alphabetically; confluence.browse.space.cookie=space-templates; JSESSIONID=7FC6827BCA10B0042DE6BE0536A246D0
Accept: /
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Host: xxxx.yyyy.com:8080
Referer: http://xxx.yyyy.com:8080/dopeopledirectorysearch.action?searchQueryBean.queryString=&showOnlyPersonal=true
HTTP/1.1 500 Internal Server Error
Content-Length: 23985
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Date: Wed, 22 Aug 2007 20:26:11 GMT
Connection: close
<html>
<head>
<title>Oops - an error has occurred</title>
<link rel="stylesheet" href="/styles/main-action.css" type="text/css" />
<script language="JavaScript" type="text/javascript"
src="/includes/js/cookieUtils.js"></script>
<style>
...
- is duplicated by
  - CONFSERVER-9704 Security Issue: XSS in wiki exception error page (Closed)
- is related to
  - CONFSERVER-9559 Cross-site scripting vulnerability in /dashboard.action (Closed)
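
The remediation named in the report (escape attributes and parameters before the error page writes them out), as an added example that is not Confluence's 500page.jsp or any code from this issue. The class, its method names and the list markup are assumptions, and the sample parameters are constructed from the request quoted above.

```java
import java.util.LinkedHashMap;
import java.util.Map;
// Hypothetical stand-in for an error page that lists request parameters (assumed markup).
public class ErrorPageEscaping {
    // Escape the characters that can break out of HTML text or a quoted attribute.
    static String escapeHtml(String s) {
        if (s == null) return "";
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    // Before: names and values are written into the page exactly as received.
    static String renderUnsafe(Map<String, String> params) {
        StringBuilder html = new StringBuilder("<ul>\n");
        for (Map.Entry<String, String> e : params.entrySet()) {
            html.append("<li>").append(e.getKey()).append(" = ").append(e.getValue()).append("</li>\n");
        }
        return html.append("</ul>").toString();
    }

    // After: name and value are both escaped, because the client controls both.
    static String renderSafe(Map<String, String> params) {
        StringBuilder html = new StringBuilder("<ul>\n");
        for (Map.Entry<String, String> e : params.entrySet()) {
            html.append("<li>").append(escapeHtml(e.getKey())).append(" = ")
                .append(escapeHtml(e.getValue())).append("</li>\n");
        }
        return html.append("</ul>").toString();
    }

    public static void main(String[] args) {
        // Constructed sample input, modelled on the request quoted in the report.
        Map<String, String> params = new LinkedHashMap<String, String>();
        params.put("nonBlankResult", "true");
        params.put("key", "<script>alert(\"Watchfire XSS\")</script>");
        System.out.println(renderUnsafe(params));
        System.out.println(renderSafe(params));
    }
}
```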