[ https://issues.apache.org/jira/browse/OPENMEETINGS-2663?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Maxim Solodovnik resolved OPENMEETINGS-2663.
--------------------------------------------
    Resolution: Incomplete

According to https://openmeetings.apache.org/security.html
Vulnerabilities should be reported to our security@ mailing list
This JIRA contains no details
Please provide PoC to the mailing list

Thanks in advance

> XSS Cross Site Scripting
> -------------------------
>
>                 Key: OPENMEETINGS-2663
>                 URL: https://issues.apache.org/jira/browse/OPENMEETINGS-2663
>             Project: Openmeetings
>          Issue Type: Bug
>    Affects Versions: 6.1.0
>         Environment: QA
>            Reporter: Panimozhi Jothi
>            Assignee: Maxim Solodovnik
>            Priority: Critical
>
> We performed a vulnerability scan on the Openmeetings app and found the
> "Cross-Site Scripting: Reflected" issue. On checking we also [found
> |https://www.zaproxy.org/docs/alerts/40012/]that Apache Wicket is handled
> with these vulnerability.
>
> Any idea why it's reported, can you confirm is VA scan performed on
> Openmeetings?
>
> Sample URLS:
> https://demo-openmeetings.apache.org/openmeetings/42182
> https://demo-openmeetings.apache.org/openmeetings/error/24168
> https://demo-openmeetings.apache.org/openmeetings/hash/75168
> [https://demo-openmeetings.apache.org/openmeetings/signin/75133]
>

--
This message was sent by Atlassian Jira
(v8.3.4#803005)