[ https://issues.apache.org/jira/browse/HAWQ-190?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15109134#comment-15109134 ]
Caleb Welton commented on HAWQ-190: ----------------------------------- It looks like this issue was addressed with https://github.com/apache/incubator-hawq/pull/151, is there a reason the jira is still open? > XSS: Reflected: Invalid PathResource.java: Ln 99, 107 > ----------------------------------------------------- > > Key: HAWQ-190 > URL: https://issues.apache.org/jira/browse/HAWQ-190 > Project: Apache HAWQ > Issue Type: Bug > Components: PXF, Security > Reporter: Goden Yao > Assignee: Goden Yao > > The method sendErrorMessage() in InvalidPathResource.java sends unvalidated > data to a web browser on line 107, which can result in the browser executing > malicious code. -- This message was sent by Atlassian JIRA (v6.3.4#6332)