ambari-dev mailing list archives

From Keta Patel <keta.mahendrakumar.pa...@gmail.com>
Subject cross-site vulnerability of APIs
Date Tue, 05 Apr 2016 20:31:56 GMT
Hello all,
I recently encountered a couple of APIs which were vulnerable to cross-site
script attacks through parameters like "description" or "name". These
parameters are passed in directly to server-side code and stored in the
database. The UI validation at present only checks for the length of the
input text. There needs to be a more robust server-side validation to
handle XSS attacks.

Could somebody please help me by pointing out if there is an existing way
to handle this vulnerability or whether it must be handled from scratch?

Thanks in advance!
Keta
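
One way to do the server-side handling the message asks about, shown as an added example that is not part of the original post and is not Ambari code: validate "name" and "description" on the server, store the text unchanged, and encode it when it is rendered into HTML. The class and method names, the allowlist and the length limit are assumptions.

```java
import java.util.regex.Pattern;
// Added illustration: class, method names and limits are assumptions, not Ambari APIs.
public class FieldValidation {
    // Assumption: "name" is an identifier, so a strict allowlist is acceptable.
    private static final Pattern NAME = Pattern.compile("[A-Za-z0-9][A-Za-z0-9 _.-]{0,99}");
    private static final int MAX_DESCRIPTION = 1000; // assumed limit

    // Server-side check for "name"; runs no matter what the UI validated.
    static String validateName(String name) {
        if (name == null || !NAME.matcher(name).matches()) {
            throw new IllegalArgumentException("name: characters outside the allowlist");
        }
        return name;
    }
    // "description" is free text: bound the length, reject control characters, store unchanged.
    static String validateDescription(String text) {
        if (text == null || text.length() > MAX_DESCRIPTION) {
            throw new IllegalArgumentException("description: missing or too long");
        }
        for (char c : text.toCharArray()) {
            if (Character.isISOControl(c) && c != '\n' && c != '\r' && c != '\t') {
                throw new IllegalArgumentException("description: control character");
            }
        }
        return text;
    }
    // Encode at render time for an HTML text or quoted-attribute context.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#x27;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        String sample = "<script>alert(1)</script>"; // constructed sample input
        System.out.println(escapeHtml(validateDescription(sample)));
        try { validateName(sample); }
        catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

The encoder covers HTML text and quoted-attribute contexts only; values placed into JavaScript, URLs or CSS need the encoding for that context.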
