David E Jones-3 wrote:
>
>
> 2. security vulnerability tests: now we want to hit the public facing
> (ecommerce, cmssite, etc) apps and the back-end apps to check as many
> vulnerabilities as we can
>
>
In reply to your find-bug campaign:
https://issues.apache.org/jira/browse/OFBIZ-1959
See my latest comment. A reflected XSS in latest trunk (partymgr -->
viewprofile --> partyId).
Let me know, David.
Anyway, thanks a lot for the time you spent implementing ESAPI and
AntiSamy.
All the best
Michele Orrù
--
View this message in context:
http://www.nabble.com/Security-Issues-tp21622188p22076718.html
Sent from the OFBiz - Dev mailing list archive at Nabble.com.