Sanitize Text Fields to Protect Against XSS Attacks

Nick_Flint Customer Advanced IT Monkey ✭✭✭

HTML tags are very useful in the portal, but currently the portal is vulnerable to persistent cross-site scripting (pXSS) and other XSS attacks by anyone that can access the portal, specifically in comments, descriptions and other text fields.

With this vulnerability, an insider could perform pXSS to do a variety of malicious actions. These actions could include denial of service, malvertising, and malware redirection.

Please update the portal to sanitize user input fields prior to committing them to SCSM.

8 votes

Submitted · Last Updated

Comments

  • Peter_Miklian Customer Advanced IT Monkey ✭✭✭

    Our penetration testers identified this 'stored XSS' vulnerability, too. Not nice 😕
