
Cross Site Scripting Attacks

ahamed_rasmi
Champ in-the-making
Hi,

We need to get approval from the Security team before the application is rolled out.

When we sought approval, they concluded Alfresco Share is prone to Cross Site Scripting Attacks…

I need help to overcome this issue and get things going.

Ver: Alfresco 3.3
Browser: IE7

Thanks in Advance
5 REPLIES

mikeh
Star Contributor
If you've found a reproducible bug, the correct place to log it is JIRA (see the link in my signature below).

Thanks,
Mike

ahamed_rasmi
Champ in-the-making
I posted it in JIRA. It was accepted, but it is not accessible.

May I know the reason, Mike? ALF-2623 is the code.

Regards,

Ahamed Rasmi

mikeh
Star Contributor
Generally, if an XSS or similar security issue has been identified and is reproducible, we set the JIRA issue to be accessible by Alfresco staff only - that way it's not "Googleable".

Thanks,
Mike

ahamed_rasmi
Champ in-the-making
OK, then how would I know about the status and possible solutions?

Do you think UrlRewrite way with regex would solve this issue?

Regards

Ahamed

ahamed_rasmi
Champ in-the-making
I have fixed the issue. Now the Share site is safe.

Added a filter.

In the filter, I replaced URI parameter letters like < and > with different letters, so the script tag is not executed.

Issue considered as closed.

Regards,

Ahamed