Details
- Bug
- Status: Resolved
- Major
- Resolution: Fixed
- 1.5.6, 1.6.2, 1.7.1
Description
We are currently using "axis2-transport-http-1.5.6" and the Veracode analysis found a bug in this class:
1. ListingAgent.java (Version 1.5.6 in lines 256 and 292) and (Version 1.6.2 in lines 252 and 288)
Type: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Description:
This call contains a cross-site scripting (XSS) flaw. The application populates the HTTP response with user-supplied
input, allowing an attacker to embed malicious content, such as JavaScript code, which will be executed in the context
of the victim's browser. XSS vulnerabilities are commonly exploited to steal or manipulate cookies, modify presentation
of content, and compromise confidential information, with new attack vectors being discovered on a regular basis.
Is this a false positive?
Thanks.