XSS Vulnerability Processmaker 2.5.2

Forum rules: Please post new questions under "Developing processes & programming" for ProcessMaker 2 or 3.

6 posts
First unread post

6 posts

XSS Vulnerability Processmaker 2.5.2#781205

By ptmi1047 - Tue Nov 25, 2014 1:44 am

- Tue Nov 25, 2014 1:44 am #781205

Hi Processmaker team,

I have a vulnerability scan report for Processmaker 2.5.2 which I got from our IT Security team. There are 3 vulnerability L5 found, it related to Reflected Cross-Site Scripting (XSS) Vulnerabilities as you can see in attached images.

It would be great if you can fix the vulnerability.

Thanks.

Attachments

Vul3.jpg (133.8 KiB) Viewed 5002 times

vul2.jpg (131.95 KiB) Viewed 5002 times

Vul1.jpg (131.65 KiB) Viewed 5002 times

Re: XSS Vulnerability Processmaker 2.5.2#781208

By liliana - Tue Nov 25, 2014 8:43 am

- Tue Nov 25, 2014 8:43 am #781208

Hi,

Thanks for reporting this. Don't worry about this issue, this is being tested by our QA team and we are taking the necessary actions to solve this.

Regards!

Re: XSS Vulnerability Processmaker 2.5.2#781253

By ptmi1047 - Wed Nov 26, 2014 11:50 pm

- Wed Nov 26, 2014 11:50 pm #781253

Hi Liliana,

Please let me know if you have any updates on this.

Thanks.

Re: XSS Vulnerability Processmaker 2.5.2#781578

By ptmi1047 - Mon Jan 12, 2015 5:22 am

- Mon Jan 12, 2015 5:22 am #781578

Hi Liliana,

Do you have any updates on this.

Thanks.

Re: XSS Vulnerability Processmaker 2.5.2#781580

By liliana - Mon Jan 12, 2015 8:45 am

- Mon Jan 12, 2015 8:45 am #781580

HI,

Yes, our dev. Team told us that this will be fixed in the next ProcessMaker version (next to v. 2.8 ).

An exact date of this release will be announced in next weeks.

Regards,