
    XSS DOM vulnerability in modulename.nocache.js


    Hi, we did a recent Fortify scan (HP vulnerability) on our SmartGWT code (SmartGWT LGPL Edition version 5.0) and found a couple of Critical and High issues.
    Below are the vulnerability details from the scan:

    ID 70491205 - modulename.nocache.js:4
    Sink: Assignment to b.src in modulename.nocache.js:4
    EnclosingMethod: f
    Source: Read n.location.href from . .H in modulename.nocache.js:10
    dataflow

    Category: XSS DOM

    Generated code in modulename.nocache.js:
    if(n.addEventListener){n.addEventListener($b,
    function(){
    N();S()
    },false)}
    var R=setInterval(
    function(){if(/loaded|complete/.test(n.readyState)){N();S()}},50);o&&o({moduleName:U,sessionId:p,subSystem:V,evtGroup:W,millis:(new Date).getTime(),type:ab});o&&o({moduleName:U,sessionId:p,subSystem:V,evtGroup:Qb,millis

    Please guide me on how I can fix these XSS issues, which are generated within the modulename.nocache.js files.

    #2
    These are not from SmartGWT but GWT itself. See this thread in the GWT Users group.



      #3
      Thank you very much, let me go through the link and get back if I need further assistance.
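
Added example, not part of the thread and not GWT or SmartGWT code: a sketch for triaging the source/sink pair the scan reports (`location.href` read, `script.src` assigned). It assumes a loader that derives its script base from the page URL; the function names, the `/app/` path and the `example.test` hosts are constructed for illustration.

```javascript
// Hypothetical helpers for reviewing a "location.href -> script.src" finding.

// Derive a base directory from the page URL the way a loader reading
// location.href might: drop query and fragment, keep up to the last "/".
function baseFromHref(href) {
  const clean = href.split(/[?#]/)[0];
  return clean.slice(0, clean.lastIndexOf("/") + 1);
}

// Decide whether a value about to be assigned to script.src is acceptable:
// it must resolve to http(s), to the page's own origin, and under allowedPath.
function isSafeScriptSrc(candidate, pageHref, allowedPath) {
  let page, url;
  try {
    page = new URL(pageHref);
    url = new URL(candidate, page); // resolves relative and absolute forms
  } catch (e) {
    return false; // unparsable input is rejected
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") return false;
  if (url.origin !== page.origin) return false;
  // pathname is already normalized, so "../" segments cannot slip past this.
  return url.pathname.startsWith(allowedPath);
}

// Review aid: compute the src the loader would use and report the verdict.
function reviewFinding(pageHref, scriptFile, allowedPath) {
  const src = baseFromHref(pageHref) + scriptFile;
  return { src, safe: isSafeScriptSrc(src, pageHref, allowedPath) };
}

// Constructed sample: query and fragment never reach the computed src.
const sample = reviewFinding(
  "https://app.example.test/app/index.html?next=//other.example.test/#x",
  "modulename/ABC.cache.js",
  "/app/"
);
console.log(sample);
```

If the computed `src` always passes a check like this for every URL the page can be loaded under, the finding can be documented as not exploitable rather than patched in generated code.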
