[DuraSpace JIRA] (DS-4584) Cross site scripting


Jaime Solorzano (LYRASIS JIRA)

Jun 8, 2021, 5:36:01 PM
to dspace-...@googlegroups.com
Jaime Solorzano created an issue
 
DSpace / Bug DS-4584
Cross site scripting
Issue Type: Bug
Affects Versions: 6.3
Assignee: Unassigned
Created: 08/Jun/21 4:35 PM
Environment: Linux Ubuntu server 16.04 / Postgres 9
Priority: Critical
Reporter: Jaime Solorzano

Apply context-dependent encoding and/or validation to user input rendered on a page
Set the HttpOnly flag for cookies. With this you will not be able to access these cookies through JavaScript on the client side.
Configure the CSP security header

This message was sent by Atlassian Jira (v8.13.2#813002-sha1:c495a97)
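
The three recommendations in the issue above (context-dependent encoding, the HttpOnly cookie flag, a CSP header), shown together as an added example. It is not part of the original report and is not DSpace code. The page layout, the `JSESSIONID` cookie name, the policy string and the sample input are assumptions made for illustration.

```python
import html
import json
from http.cookies import SimpleCookie
from urllib.parse import quote

# Sample policy (assumption): same-origin resources only, no plugins.
CSP = "default-src 'self'; object-src 'none'; base-uri 'self'"

def encode_html_text(value):
    """For text between tags: neutralise &, < and >."""
    return html.escape(value, quote=False)

def encode_html_attr(value):
    """For a quoted attribute value: also neutralise " and '."""
    return html.escape(value, quote=True)

def encode_url_param(value):
    """For one query-string value: percent-encode everything reserved."""
    return quote(value, safe="")

def encode_js_string(value):
    """For a JSON/JS string literal inside a <script> element."""
    out = json.dumps(value)
    # JSON leaves <, > and & intact, so "</script>" could end the element.
    for ch, esc in (("<", "\\u003c"), (">", "\\u003e"), ("&", "\\u0026")):
        out = out.replace(ch, esc)
    return out

def session_cookie_header(session_id):
    """Set-Cookie value with HttpOnly, so page scripts cannot read it."""
    cookie = SimpleCookie()
    cookie["JSESSIONID"] = session_id  # cookie name is an assumption
    cookie["JSESSIONID"]["httponly"] = True
    cookie["JSESSIONID"]["path"] = "/"
    return cookie["JSESSIONID"].OutputString()

def render_search_page(query):
    """Hypothetical page echoing one user-supplied value in four contexts."""
    body = (
        "<h1>Results for " + encode_html_text(query) + "</h1>\n"
        '<input name="query" value="' + encode_html_attr(query) + '">\n'
        '<a href="/search?query=' + encode_url_param(query) + '">permalink</a>\n'
        '<script type="application/json" id="q">' + encode_js_string(query) + "</script>\n"
    )
    headers = [("Content-Security-Policy", CSP),
               ("Set-Cookie", session_cookie_header("constructed-session-id"))]
    return headers, body

SAMPLE = '"><script>alert(1)</script>'  # constructed test input
```

The same value needs a different encoder in each of the four places it is written; using the HTML-text encoder inside the attribute or the script element would leave the quote or the closing tag intact.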

Mark H. Wood (LYRASIS JIRA)

Jun 9, 2021, 8:35:01 AM
to dspace-...@googlegroups.com
Mark H. Wood commented on Bug DS-4584
 
Re: Cross site scripting

Are there specific places where this should have been done, but it was not?
