Cross-Site Scripting (XSS) Vulnerabilities

This topic contains 9 replies, has 2 voices, and was last updated by easyregistrationadmin 1 month, 4 weeks ago.

Viewing 10 posts - 1 through 10 (of 10 total)
    #4900

    cpalacio
    Participant

    We are getting a report of this vulnerability from the ERForms. Can you please provide me some feedback as to how to solve this vulnerability?

    #4901

    Hi,

    Can you please share the details about where it is reported? Any details regarding the report will be helpful.

    #4902

    cpalacio
    Participant

    – Parameter: It has been detected by exploiting the parameter erf_password of the form located at the URL https://corp.trialcard.com/portfolio-items/tc-synapse-a-trusted-suiteof-risk-mitigation-and-compliance-solutions/ . The payloads section will display a list of tests that show how the parameter could have been exploited to collect the information.

    – Authentication: In order to detect this vulnerability, no authentication has been required.

    – Access Path: Here is the path followed by the scanner to reach the exploitable URL: https://corp.trialcard.com/

    #4903

    Form URL is leading to 404 page. Can you please check?

    #4904

    cpalacio
    Participant

    #4906

    Thank you for the URL. We have checked the code with ‘erf_password’ param and can assure that data is being sanitized before proceeding with the execution. It seems to be a false alarm. Please allow us some time to further debug the cause.

    #4909

    cpalacio
    Participant

    Thank you for your response. Would you mind giving me an estimate of when you will be able to provide me with an update regarding your debugging?

    #4915

    It may take a couple of days. I will get back to you by Tuesday next week.

    #4933

    cpalacio
    Participant

    Hello,

    Our Infrastructure team has run another scan, and they provided us with the report for the site, which shows XSS vulnerabilities for the ERForms. Can you provide me with an email address to which I could send the report?

    #4936

    You can send the details to erformswp@gmail.com
