HTBox / crisischeckin

Crisischeckin Humanitarian Toolbox repository
Apache License 2.0
173 stars 158 forks

Security/Cross Site scripting- Entering Javascript on text fields shows unhandled exception error #387

Open RamyaMahesh opened 8 years ago

RamyaMahesh commented 8 years ago

Security Testing:

Steps to recreate: In the administrator tool, navigate to create/update the cluster. In the text field, enter some JavaScript to check the cross-site scripting security test.

Observed: When injecting JavaScript into the text field, an unhandled exception is shown.

Expected: JavaScript input should be treated as a string and should be accepted in the input field.

mjmilan commented 8 years ago

It would be helpful if you could confirm whether the issue is a generic issue throughout the site, or merely confined to the single instance to which you refer...

Thanks,

Martin

aarjay commented 8 years ago

Nastaran Avalos and Anita Gilbert: We were able to enter HTML tags into a string field (e.g. "Location") and cause a server error.
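The behaviour both reports ask for (markup in a free-text field such as "Location" is accepted as plain data, never executed, and never surfaces as an unhandled exception) can be sketched as follows. This is an added illustration, not code from the crisischeckin project; the field name "Location" comes from the thread, while the length limit, the `Response` shape and the sample inputs are constructed for the example.

```python
"""Free-text field handling: store the raw string, encode on output,
and turn validation failures into a handled 400 rather than a crash."""
import html
from dataclasses import dataclass

MAX_LOCATION_LEN = 200  # assumed limit for the example, not from the thread


@dataclass
class Response:
    status: int
    body: str


def validate_location(raw: str) -> str:
    """Accept any characters, including < > and quotes; enforce only
    presence and length. The XSS defence belongs at output encoding,
    so markup is neither rejected nor stripped here."""
    value = raw.strip()
    if not value:
        raise ValueError("Location is required")
    if len(value) > MAX_LOCATION_LEN:
        raise ValueError(f"Location exceeds {MAX_LOCATION_LEN} characters")
    return value  # stored verbatim


def render_location(value: str) -> str:
    """Output-encode at the point of use so stored markup is shown as text."""
    return f'<span class="location">{html.escape(value, quote=True)}</span>'


def handle_cluster_update(form: dict) -> Response:
    """Form handler for the cluster create/update screen: a validation
    failure becomes a 400 with a message instead of an unhandled exception."""
    try:
        location = validate_location(form.get("Location", ""))
    except ValueError as err:
        return Response(400, f"Invalid input: {html.escape(str(err))}")
    stored = {"Location": location}  # stand-in for persistence
    return Response(200, render_location(stored["Location"]))


if __name__ == "__main__":
    # Constructed inputs mirroring the two reports in the thread.
    for sample in ("<script>alert(1)</script>", "<b>Main St</b>", ""):
        resp = handle_cluster_update({"Location": sample})
        print(resp.status, resp.body)
```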