Reporting Plugin - Cross-site scripting error


    • Type: Bug
    • Resolution: Won't Fix
    • Priority: Medium
    • None
    • Affects Version/s: 2.7.3
    • Component/s: None
    • Environment:

      Oracle JDBC - 10.1.0.3.0
      Server Oracle/weblogic OS Solaris jdk1.5.0_11/

      Our e-security found the following error for the Reporting plugin:

      Number: R2
      System/Location: Reporting Plugin
      Defect Type: Client-side Attacks: Cross-site Scripting
      Status: Open
      Description
      Security Risk: It is possible to steal or manipulate customer session and cookies, which may be used to impersonate a legitimate user, allowing the hacker to view or alter user records or gain access to other Single Sign On applications and perform transactions as that user. Refer to the URL:

      https://wikistg.seagate.com/confluence/display/IT/R01+Reporting+eSec+Plugin

              Assignee:
              Steve Haffenden (Inactive)
              Reporter:
              Jeannie Witcraft
              Votes:
              0
              Watchers:
              0
