Bright Cove User Macro-Cross-site script

2009-03-19T16:38:36
ID ATLASSIAN:CONFSERVER-14952
Type atlassian
Reporter jwitcraft
Modified 2017-02-17T05:17:09

Description

Our e-security found the following error after they scanned the Bright Cove User Macro:

Number: R4
System/Location: Bright Cove User Macro
Defect Type: Client-side Attacks: Cross-site Scripting
Status: Open

Description

Security Risk: It is possible to steal or manipulate customer session and cookies, which may be used to impersonate a legitimate user, allowing the hacker to view or alter user records or gain access to other Single Sign On applications and perform transactions as that user.

Refer to the URL:

        https://wikistg.seagate.com/confluence/display/IT/B31+eSec+Bright+Cove 
        https://wikistg.seagate.com/confluence/display/IT/B26+eSec+Bright+Cove 
        https://wikistg.seagate.com/confluence/display/IT/B25+eSec+Bright+Cove