Our security team has found a potential XSS vulnerability in a file called auth-fresh.js. Has anyone ever encountered this? I believe it has something to do with gadgets, but that is as far as I have been able to determine. I can't find this JavaScript file on the server. The exact text of the message (from IBM AppScan) is:
DOM based cross-site scripting
It may be possible to steal or manipulate customer session and cookies, which might be used to impersonate a legitimate user, allowing the hacker to view or alter user records, and to perform transactions as that user
Any help would be appreciated.
Thanks.
Hi Thomas,
I checked my server and did not find any references to that file either. I would look to see if you're running a third-party script/add-on that could be causing this. The only reference I found to that was here. That came from this project.
Cheers,
Branden