4 Replies Latest reply: Jan 31, 2008 5:02 PM by Will French

    Cross site scripting (XSS) vulnerability

      Hi All,

       

      During our regular security audit and testing, our external agency, who carried out the study, reported the following in our Jive Forum application.

      The site is vulnerable to XSS attacks. For example, accessing /search!execute.jspa?q=test&objID="><H1>XSS</H1>& allows the user to insert XSS into the page, which can be exploited by hackers.

       

      We found the problem in the latest version 5 as well as in the old versions. Is there any patch or any plan to provide a fix for this issue in the future?

       

      http://www.jivesoftware.com/jive/search.jspa?threadID=&q=test&objID="><H1>XSS</H1>&dateRange=last90days&userID=&numResults=15&rankBy=10001

       

      Many Thanks

      Srini
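
The reported objID value starts with `">`, which closes a quoted HTML attribute when the parameter is echoed back unencoded. The following is an added example, not part of the original post and not Jive's code: the hidden-input markup, the class and method names, and the assumption that objID is a numeric identifier are all hypothetical. It shows the unencoded echo beside a version that validates the parameter and encodes it on output.

```java
import java.util.regex.Pattern;

public class ObjIdEcho {
    // Assumption: objID is a numeric identifier; the page does not state its format.
    private static final Pattern NUMERIC_ID = Pattern.compile("\\d{1,18}");

    /** Encode a string for HTML text and quoted-attribute contexts. */
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    /** Before: the request value is concatenated into the attribute unencoded. */
    static String renderUnsafe(String objId) {
        return "<input type=\"hidden\" name=\"objID\" value=\"" + objId + "\">";
    }

    /** After: drop values that are not IDs, and encode whatever is written out. */
    static String renderSafe(String objId) {
        String value = (objId != null && NUMERIC_ID.matcher(objId).matches()) ? objId : "";
        return "<input type=\"hidden\" name=\"objID\" value=\"" + escapeHtml(value) + "\">";
    }

    public static void main(String[] args) {
        String reported = "\"><H1>XSS</H1>"; // objID value from the report above
        System.out.println("unsafe:       " + renderUnsafe(reported));
        System.out.println("safe:         " + renderSafe(reported));
        System.out.println("encoded only: " + escapeHtml(reported));
        System.out.println("valid id:     " + renderSafe("2001")); // constructed sample ID
    }
}
```

Encoding alone already keeps the value inside the attribute; the numeric check is a second layer that only applies if the parameter really is an ID.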