    Any setting or configuration to avoid the below-mentioned CSS attack

    We are on SmartGWT version 6.1, and when a vulnerability is injected as shown in the request below, it is reflected back in the response.

    The expectation is that the request needs to be sanitized and an appropriate response needs to be sent.

    Request injected with some VBScript:

    <transaction xmlns:xsi="http://www.w3.org/2000/10/XMLSchema-instance" xsi:type="xsd:Object">
      <transactionNum xsi:type="xsd:long">0</transactionNum>
      <operations xsi:type="xsd:List">
        <elem xsi:type="xsd:Object">
          <criteria xsi:nil="true" />
          <operationConfig xsi:type="xsd:Object">
            <dataSource><![CDATA[lpiTask<a HrEf=VbScRiPt:MsgBox(27617)>]]></dataSource>
            <operationType>fetch</operationType>
          </operationConfig>
          <useStrictJSON xsi:type="xsd:boolean">true</useStrictJSON>
          <appID>builtinApplication</appID>
          <operation>fetchTasks</operation>
          <oldValues xsi:nil="true" />
        </elem>
      </operations>
    </transaction>

    I have attached the response for the same.

    Do we have any configuration or settings to address this? This happens in lower versions as well.

    #2
    Fixed a long time ago, the version string in your screenshot appears to indicate that you haven’t gotten patches in more than 6 years. Please update to get patches (see SmartClient.com/builds).
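As an added defender-side illustration (this is not SmartGWT's own code and is no substitute for the patches mentioned in #2): the snippet parses the transaction posted above, checks that each dataSource value is a plain identifier before it is used, and HTML-escapes any value that is echoed back in an error, so a rejected value cannot come back as markup. The identifier pattern and the error text are assumptions.

```python
import html
import re
import xml.etree.ElementTree as ET

# Constructed copy of the request posted above (the injected dataSource value is
# the one the thread shows reflected in the response).
INJECTED_REQUEST = (
    b'<transaction xmlns:xsi="http://www.w3.org/2000/10/XMLSchema-instance" '
    b'xsi:type="xsd:Object"><transactionNum xsi:type="xsd:long">0</transactionNum>'
    b'<operations xsi:type="xsd:List"><elem xsi:type="xsd:Object">'
    b'<criteria xsi:nil="true" /><operationConfig xsi:type="xsd:Object">'
    b'<dataSource><![CDATA[lpiTask<a HrEf=VbScRiPt:MsgBox(27617)>]]></dataSource>'
    b'<operationType>fetch</operationType></operationConfig>'
    b'<useStrictJSON xsi:type="xsd:boolean">true</useStrictJSON>'
    b'<appID>builtinApplication</appID><operation>fetchTasks</operation>'
    b'<oldValues xsi:nil="true" /></elem></operations></transaction>'
)

# Assumed allow-list: a DataSource ID is a plain identifier, never markup.
DATASOURCE_ID = re.compile(r"[A-Za-z_][A-Za-z0-9_.]*")


def datasource_ids(xml_bytes):
    """Return every <dataSource> text value in the transaction, in order."""
    root = ET.fromstring(xml_bytes)
    return [(ds.text or "") for ds in root.iter("dataSource")]


def is_valid_datasource_id(value):
    """Accept only values matching the allow-list; reject anything else."""
    return DATASOURCE_ID.fullmatch(value) is not None


def error_message(value):
    """Build an error that can be echoed to the client without becoming markup."""
    return "Unknown DataSource: " + html.escape(value, quote=True)


def check_transaction(xml_bytes):
    """Return (id, accepted, message) for each dataSource in the request."""
    results = []
    for ds in datasource_ids(xml_bytes):
        ok = is_valid_datasource_id(ds)
        results.append((ds, ok, "" if ok else error_message(ds)))
    return results


if __name__ == "__main__":
    for ds, ok, msg in check_transaction(INJECTED_REQUEST):
        print("accepted" if ok else "rejected", repr(ds), msg)
```

Run against the posted request, the single dataSource value is rejected and the error text contains `&lt;a` rather than a live tag; the plain value `lpiTask` passes the allow-list.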
