Azure / api-management-developer-portal

Developer portal provided by the Azure API Management service.
MIT License
479 stars, 307 forks

[Possible] Cross-site Scripting #2263

Closed Harmanpreet-96 closed 3 months ago

Harmanpreet-96 commented 11 months ago

Bug description

Security scan detected Possible Cross-site Scripting, which allows an attacker to execute a dynamic script (JavaScript, VBScript) in the context of the application.

This allows several different attack opportunities, mostly hijacking the current session of the user or changing the look of the page by changing the HTML on the fly to steal the user's credentials. This happens because the input entered by a user has been interpreted as HTML/JavaScript/VBScript by the browser. Cross-site scripting targets the users of the application instead of the server. Although this is a limitation, since it allows attackers to hijack other users' sessions, an attacker might attack an administrator to gain full control over the application.

Although Invicti Enterprise believes there is a cross-site scripting in here, it could not confirm it. We strongly recommend investigating the issue manually to ensure it is cross-site scripting and needs to be addressed.

Impact

There are many different attacks that can be leveraged through the use of XSS, including:

  - Hijacking user's active session.
  - Changing the look of the page within the victim's browser.
  - Mounting a successful phishing attack.
  - Intercepting data and performing man-in-the-middle attacks.

Reproduction steps

  1. Go to '...'
  2. Click on '....'
  3. Scroll down to '....'
  4. See error

Expected behavior

This issue occurs because the browser interprets the input as active HTML, JavaScript or VBScript. To avoid this, all input and output from the application should be filtered / encoded. Output should be filtered / encoded according to the output format and location.

There are a number of pre-defined, well structured whitelist libraries available for many different environments. Good examples of these include OWASP Reform and Microsoft Anti-Cross-site Scripting libraries.

Additionally, you should implement a strong Content Security Policy (CSP) as a defense-in-depth measure if an XSS vulnerability is mistakenly introduced. Due to the complexity of XSS-Prevention and the lack of secure standard behavior in programming languages and frameworks, XSS vulnerabilities are still common in web applications.

Is your portal managed or self-hosted?

Managed

Release tag or commit SHA (if using self-hosted version)

[e.g., release 2.0.0, commit c45da9778b70d369aba60fa2e63c191efe2b548f]

API Management service name

enterprise-apim-dev

Environment

Additional context

Add any other context about the problem here, including screenshots.
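The mitigation the report describes, output encoding chosen by the location where the value lands plus a CSP as defense in depth, as an added example (not code from the api-management-developer-portal project). The encoder names, the profile snippet and the `nonce` parameter are assumptions made for illustration, and the untrusted value is constructed.

```javascript
// Added example, not from the repository: context-aware output encoding.
// Which encoder is correct depends on where the untrusted value is placed.

// HTML text content: escape the five characters that can start or end markup.
function encodeForHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Quoted HTML attribute value: encode everything except alphanumerics as &#xHH;
// so a value can neither close the quotes nor introduce an event-handler attribute.
function encodeForHtmlAttribute(value) {
  return String(value).replace(/[^A-Za-z0-9]/gu, (ch) =>
    '&#x' + ch.codePointAt(0).toString(16).toUpperCase() + ';');
}

// JavaScript string literal: \uHHHH escaping. HTML encoding is NOT enough here,
// because the browser does not HTML-decode text inside a <script> element.
function encodeForJsString(value) {
  return String(value).replace(/[^A-Za-z0-9]/g, (ch) =>
    '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Hypothetical snippet that places the same untrusted value into three contexts.
// The inline script carries the CSP nonce so it is allowed by cspHeader() below.
function renderProfileSnippet(displayName, nonce) {
  return [
    `<p>Welcome, ${encodeForHtml(displayName)}</p>`,
    `<input type="text" value="${encodeForHtmlAttribute(displayName)}">`,
    `<script nonce="${nonce}">var user = "${encodeForJsString(displayName)}";</script>`,
  ].join('\n');
}

// Defense in depth: disallow inline script unless it carries the per-response nonce,
// so an encoding that is missed somewhere does not become script execution.
function cspHeader(nonce) {
  return {
    'Content-Security-Policy':
      `default-src 'self'; script-src 'self' 'nonce-${nonce}'; object-src 'none'; base-uri 'self'`,
  };
}

// Constructed untrusted input containing characters that matter in each context.
const untrusted = 'Bob\'s "best" <api> & more';
console.log(renderProfileSnippet(untrusted, 'demo-nonce'));
console.log(cspHeader('demo-nonce'));
```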

ghost commented 11 months ago

@Harmanpreet-96, thank you for opening this issue. We will triage it within the next few business days.

JMach1 commented 11 months ago

Hello @Harmanpreet-96 thank you for reporting an issue. Could you please provide exact steps for a successful cross-site scripting attack or any info where exactly is the vulnerability for such attack?

ghost commented 11 months ago

@Harmanpreet-96, we need more information before we start working on this issue. If you prefer to share it in private, please send us an email to apimportalfeedback@microsoft.com with the issue number in its subject.

Harmanpreet-96 commented 10 months ago

This vulnerability was found to be false positive.

mrcarlosdev commented 3 months ago

This issue is related to the managed developer portal. We advise you to create an Azure support request to get assistance on this issue. Please refer to the link below to create a new Azure support request, and select Problem Type = "Developer Portal" in the request to route it appropriately.

https://learn.microsoft.com/en-us/azure/azure-portal/supportability/how-to-create-azure-support-request