Article ID: 15733


CA Spectrum


Below are the details on the Cross-Site Scripting vulnerability.


Cross-Site Scripting 

Severity: High 

CVSS Score: 7.5 


Entity: aboutAppName (Parameter) 

Risk: It may be possible to steal or manipulate customer session and cookies, which might be used to impersonate a legitimate user, allowing the hacker to view or alter user records, and to perform transactions as that user 

Causes: Sanitation of hazardous characters was not performed correctly on user input 

Fix: Review possible solutions for hazardous character injection 

Reasoning: The test result seems to indicate a vulnerability because Appscan successfully embedded a script in the response, which will be executed when the page loads in the user's browser.

Is Spectrum susceptible to the Cross-Site Scripting vulnerability and, if so, are there any plans to protect against it?


Release: SDBSFO99000-10.2-Spectrum-Device Based Suite-Server FOC


The Cross-Site Scripting vulnerability is scheduled to be addressed in Spectrum There is no projected release date for Spectrum at the time this knowledge document was published.