Bright Cove User Macro-Cross-site script

    • Type: Bug
    • Resolution: Won't Fix
    • Priority: Medium
    • None
    • Affects Version/s: 2.7.3
    • Component/s: None
    • Environment:

      Oracle JDBC - 10.1.0.3.0
      Server Oracle/weblogic OS Solaris jdk1.5.0_11/

      Our e-security found the following error after they scanned the Bright Cove User Macro:

      Number: R4
      System/Location: Bright Cove User Macro
      Defect Type: Client-side Attacks: Cross-site Scripting
      Status: Open
      Description
      Security Risk: It is possible to steal or manipulate customer session and cookies, which may be used to impersonate a legitimate user, allowing the hacker to view or alter user records or gain access to other Single Sign On applications and perform transactions as that user. Refer to the URLs:

      https://wikistg.seagate.com/confluence/display/IT/B31+eSec+Bright+Cove
      https://wikistg.seagate.com/confluence/display/IT/B26+eSec+Bright+Cove
      https://wikistg.seagate.com/confluence/display/IT/B25+eSec+Bright+Cove

            Assignee:
            Steve Haffenden (Inactive)
            Reporter:
            Jeannie Witcraft
            Votes:
            0
            Watchers:
            0

              Created:
              Updated:
              Resolved: