Uploaded image for project: 'OpenNMS'
  1. OpenNMS
  2. NMS-13835

Cross site scripting - Reflected

    XMLWordPrintable

Details

    • Horizon 22 - Feb 2 - Feb 16, Horizon 22 - Feb 16 - Mar 2
    • Backlog

    Description

      The application does not filter text or other data for potentially malicious HTML content. This enables an attacker to craft arbitrary HTML content. Cross site scripting occurs when dynamically generated web pages/web services reflect user input as it is, that is not properly validated, allowing an attacker to steal session, force browsing etc.

      Impact: Cross site scripting could result into site defacing, session hijacking and data theft etc. Usually, an attacker will attempt to manipulate an XSS vulnerability in order to present malicious HTML as if it came from a legitimate source. This attack is often combined with a social engineering attack that attempts to trick users into divulging their passwords, financial, or personal information.

      Attachments

        Issue Links

          Activity

            People

              geraldhumphries Gerald Humphries
              gp185132 Gaurav Pande
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: