https://connect.hyland.com/t5/alfresco-archive/cross-site-scripting-attacks/m-p/215366#M168496 <HTML><HEAD></HEAD><BODY><SPAN>If you've found a reproducible bug, the correct place to log it is JIRA (see the link in my signature below).</SPAN><BR /><BR /><SPAN>Thanks,</SPAN><BR /><SPAN>Mike</SPAN></BODY></HTML> Wed, 28 Apr 2010 10:53:54 GMT mikeh 2010-04-28T10:53:54Z https://connect.hyland.com/t5/alfresco-archive/cross-site-scripting-attacks/m-p/215365#M168495 Hi,We need to get approval for Security team before application be rolled out. When we sought approval, they concluded Alfresco Share is prone to Cross Site Scripting Attacks…I need help to overcome this issue and get the things going..Ver: Alfresco 3.3 Browser: IE7..Thanks in Advance Wed, 28 Apr 2010 10:49:38 GMT https://connect.hyland.com/t5/alfresco-archive/cross-site-scripting-attacks/m-p/215365#M168495 ahamed_rasmi 2010-04-28T10:49:38Z https://connect.hyland.com/t5/alfresco-archive/cross-site-scripting-attacks/m-p/215366#M168496 <HTML><HEAD></HEAD><BODY><SPAN>If you've found a reproducible bug, the correct place to log it is JIRA (see the link in my signature below).</SPAN><BR /><BR /><SPAN>Thanks,</SPAN><BR /><SPAN>Mike</SPAN></BODY></HTML> Wed, 28 Apr 2010 10:53:54 GMT https://connect.hyland.com/t5/alfresco-archive/cross-site-scripting-attacks/m-p/215366#M168496 mikeh 2010-04-28T10:53:54Z https://connect.hyland.com/t5/alfresco-archive/cross-site-scripting-attacks/m-p/215367#M168497 <HTML><HEAD></HEAD><BODY><SPAN>I posted in JIRA.. It was accepted.. But not accessible..</SPAN><BR /><BR /><SPAN>May i know the reason mike..? ALF-2623 is the code.. </SPAN><BR /><BR /><SPAN>Regards,</SPAN><BR /><BR /><SPAN>Ahamed Rasmi</SPAN></BODY></HTML> Thu, 29 Apr 2010 08:49:21 GMT https://connect.hyland.com/t5/alfresco-archive/cross-site-scripting-attacks/m-p/215367#M168497 ahamed_rasmi 2010-04-29T08:49:21Z https://connect.hyland.com/t5/alfresco-archive/cross-site-scripting-attacks/m-p/215368#M168498 <HTML><HEAD></HEAD><BODY><SPAN>Generally, if an XSS or similar security issue has been identified and is reproducible, we set the JIRA issue to be accessible by Alfresco staff only - that way it's not "Googleable".</SPAN><BR /><BR /><SPAN>Thanks,</SPAN><BR /><SPAN>Mike</SPAN></BODY></HTML> Thu, 29 Apr 2010 21:04:34 GMT https://connect.hyland.com/t5/alfresco-archive/cross-site-scripting-attacks/m-p/215368#M168498 mikeh 2010-04-29T21:04:34Z https://connect.hyland.com/t5/alfresco-archive/cross-site-scripting-attacks/m-p/215369#M168499 <HTML><HEAD></HEAD><BODY><SPAN>Ok.. then how would i know about the status… and possible solutions..</SPAN><BR /><BR /><SPAN>Do you think UrlRewrite way with regex would solve this issue?</SPAN><BR /><BR /><SPAN>Regards</SPAN><BR /><BR /><SPAN>Ahamed</SPAN></BODY></HTML> Fri, 30 Apr 2010 04:09:41 GMT https://connect.hyland.com/t5/alfresco-archive/cross-site-scripting-attacks/m-p/215369#M168499 ahamed_rasmi 2010-04-30T04:09:41Z https://connect.hyland.com/t5/alfresco-archive/cross-site-scripting-attacks/m-p/215370#M168500 <HTML><HEAD></HEAD><BODY><SPAN>I have fixed the issue.. now share site is safe.. </SPAN><BR /><BR /><SPAN>Added a Filter.. </SPAN><BR /><BR /><SPAN>In filter replaced the uri parameter letters like &lt;,&gt; into different letters.. So script tag is not executed..</SPAN><BR /><BR /><SPAN>Issue considered as closed..</SPAN><BR /><BR /><SPAN>Regards,</SPAN><BR /><BR /><SPAN>Ahamed</SPAN></BODY></HTML> Fri, 30 Apr 2010 08:56:57 GMT https://connect.hyland.com/t5/alfresco-archive/cross-site-scripting-attacks/m-p/215370#M168500 ahamed_rasmi 2010-04-30T08:56:57Z