Reflected Cross Site Scripting (XSS) Vulnerability

delphi

(Vishal Mishra) #1

The RemObjects SDK for Delphi v1.0.0.0 is vulnerable to a reflected Cross Site Scripting (XSS) attack.


(RemObjects) #2

Thanks, logged as bugs://78944


(RemObjects) #3

bugs://78944 got closed with status fixed.


(EvgenyK) #4

Generated HTML is:

<html><head><title>Error</title></head><body><font size=7>Error</font><br />An error occurred generating WSDL: Invalid TargetEntity "&lt;script&gt;alert(&apos;bla-bla-bla&apos;);&lt;/script&gt;"</body></html>
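
The encoding visible in that output, as an added example that is not part of the post above and not the RemObjects SDK's own code: it rebuilds the error page with the request value HTML-escaped and, for comparison, unescaped. `HtmlEscape` and `BuildErrorPage` are hypothetical names, and it is an assumption that this WSDL error page was the reflection point.

```delphi
program EscapeReflectedValue;
{$APPTYPE CONSOLE}
uses SysUtils;

// Hypothetical helper, not the SDK's code: encode the characters that are
// significant in HTML text and attribute values.
function HtmlEscape(const S: string): string;
var
  I: Integer;
begin
  Result := '';
  for I := 1 to Length(S) do
    case S[I] of
      '&': Result := Result + '&amp;';
      '<': Result := Result + '&lt;';
      '>': Result := Result + '&gt;';
      '"': Result := Result + '&quot;';
      '''': Result := Result + '&apos;';
    else
      Result := Result + S[I];
    end;
end;

// Hypothetical page builder using the error template shown in the post.
function BuildErrorPage(const TargetEntity: string; Escape: Boolean): string;
var
  Shown: string;
begin
  Shown := TargetEntity; // unescaped: markup in the value reaches the browser
  if Escape then
    Shown := HtmlEscape(TargetEntity);
  Result := '<html><head><title>Error</title></head><body>' +
    '<font size=7>Error</font><br />An error occurred generating WSDL: ' +
    'Invalid TargetEntity "' + Shown + '"</body></html>';
end;

const
  // Constructed sample input: the value visible in the post above.
  Sample = '<script>alert(''bla-bla-bla'');</script>';
var
  Page: string;
begin
  Page := BuildErrorPage(Sample, True);
  Writeln(Page);
  // Check that no raw tag from the request value survives in the response.
  if Pos('<script', Page) > 0 then
    raise Exception.Create('raw markup reflected');
  Writeln(BuildErrorPage(Sample, False)); // unescaped form, for comparison
end.
```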

(Vishal Mishra) #5

May I know the version in which this vulnerability will get the fix?
Does this vulnerability have any vulnerability candidate identity?


(EvgenyK) #6

The fix will be in this week’s beta.
All other possible places for this vulnerability should also be fixed.


(Vishal Mishra) #7

Thanks, EvgenyK, for the prompt reply.