Cross site scripting for OpenAM v12

This topic has 2 replies, 2 voices, and was last updated 5 years, 4 months ago by hkworker2002.

  • Author
    Posts
  • #5297
     hkworker2002
    Participant

    After security vulnerability, it was reported that following CSS vulnerability is discovered in OpenAM 12. Can anyone confirm if this is valid and any resolution, workaround? Thanks.

    Affected URL:
     /sso/console/ajax/AjaxProxy.jsp
    Risk Level: Medium

    Finding and Vulnerability Description:
    This script is possibly vulnerable to Cross Site Scripting (XSS) attacks.
    Recommendation:
    The script should filter metacharacters from user input.

    #5311
     Neil Madden
    Participant

    Please report suspected security issues to the [email protected] mailing list.

    #5427
     hkworker2002
    Participant

    Already reported for a week but get no response. Not sure if anyone is following up this case or ignored by mail.

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.

©2021 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?