Reflected Cross Site Scripting (XSS) Vulnerability


(Vishal Mishra) #1

The RemObjects SDK for Delphi v1.0.0.0 is vulnerable to a reflected Cross Site Scripting (XSS) attack.

(RemObjects) #2

Thanks, logged as bugs://78944

(RemObjects) #3

bugs://78944 got closed with status fixed.

(EvgenyK) #4

Generated HTML is:

<html><head><title>Error</title></head><body><font size=7>Error</font><br />An error occurred generating WSDL: Invalid TargetEntity "&lt;script&gt;alert(&apos;bla-bla-bla&apos;);&lt;/script&gt;"</body></html>
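The change visible in the HTML above, as an added example that is not part of the thread and not RemObjects code: the request value is entity-encoded before it is placed in the error page, and a small check confirms a marker string is no longer reflected as markup. It is written in Python rather than the SDK's Delphi, and every function and constant name is hypothetical.

```python
# Added illustration; names are hypothetical and this is not the SDK's source.

# The five characters that can change HTML structure, mapped to entities
# (the same &lt; / &gt; / &apos; forms seen in the generated page).
ENTITIES = {"&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&apos;"}

# Error page template taken from the generated HTML quoted in the thread.
PAGE = ("<html><head><title>Error</title></head><body><font size=7>Error</font>"
        "<br />An error occurred generating WSDL: {msg}</body></html>")

# Marker value: the decoded form of the string shown in the generated HTML.
PROBE = "<script>alert('bla-bla-bla');</script>"


def html_encode(text: str) -> str:
    """Encode character by character, so '&' is never encoded twice."""
    return "".join(ENTITIES.get(ch, ch) for ch in text)


def error_page_unsafe(target_entity: str) -> str:
    """Reflected form: the request value is copied into the markup as-is."""
    return PAGE.format(msg='Invalid TargetEntity "%s"' % target_entity)


def error_page_safe(target_entity: str) -> str:
    """Fixed form: the request value is encoded before it is embedded."""
    return PAGE.format(msg='Invalid TargetEntity "%s"' % html_encode(target_entity))


def reflects_raw(render, probe: str = PROBE) -> bool:
    """Regression check: True if the probe comes back unencoded in the page."""
    return probe in render(probe)


if __name__ == "__main__":
    for render in (error_page_unsafe, error_page_safe):
        print(render.__name__, "reflects raw markup:", reflects_raw(render))
    print(error_page_safe(PROBE))
```

The same `reflects_raw` check can be pointed at any other function that builds a response from request data.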

(Vishal Mishra) #5

May I know the version in which this vulnerability will get the fix?
Does this vulnerability have any vulnerability candidate identity?

(EvgenyK) #6

The fix will be in this week’s beta.
All other possible places for this vulnerability also should be fixed.

(Vishal Mishra) #7

Thanks, EvgenyK, for the prompt reply.