cross-site scripting finding in the netsparker scan #4826

Jin-Sun-tts · 2024-07-23T16:43:46Z

Please keep any sensitive details in Google Drive.

Date of report: 07/13/2024
Severity: Medium
Due date: 10/13/2024

Due date is based on severity and described in RA-5. 15-days for Critical, 30-days for High, and 90-days for Moderate and lower.

Analysis has been performed and an issue has been linked to address other occurrences for this class of vulnerability* (link)

* When a finding is identified, we create two issues. One to address the specific instance identified in the report. The other is to identify and address all other occurrences of this vulnerability within the application.

Brief description

two Medium vulnerabilities found and one was false-alarm, the other one relates cross-site scripting. see detail in the google doc.

FuhuXia · 2024-07-24T21:00:40Z

PR GSA/ckanext-datagovtheme#208 fixed this issue.

Jin-Sun-tts added compliance Relating to security compliance or documentation bug Software defect or bug labels Jul 23, 2024

Jin-Sun-tts added this to the September 2024 milestone Jul 23, 2024

Jin-Sun-tts mentioned this issue Jul 23, 2024

O+M 2024-07-22 #4824

Closed

14 tasks

FuhuXia closed this as completed Jul 24, 2024

Jin-Sun-tts assigned FuhuXia Jul 26, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

cross-site scripting finding in the netsparker scan #4826

cross-site scripting finding in the netsparker scan #4826

Jin-Sun-tts commented Jul 23, 2024

FuhuXia commented Jul 24, 2024

cross-site scripting finding in the netsparker scan #4826

cross-site scripting finding in the netsparker scan #4826

Comments

Jin-Sun-tts commented Jul 23, 2024

Brief description

FuhuXia commented Jul 24, 2024