displaying top 100 results
Tracker Issue Terminology: XSS Attack
Tracker Issue XSS Bug on https://coldfusion.adobe.com
Portal Topic Input validation to avoid XSS
Security Analyzer XSS Warning on XmlFormat HTMLEditFormat
Portal Comment Comment on Input validation to avoid XSS by JS_Webtrax
Tracker Comment Comment on Terminology: XSS Attack by Milan C.
Tracker Comment Comment on Terminology: XSS Attack by CFwatson U.
Portal Comment Comment on Input validation to avoid XSS by Charlie Arehart
Inconsistent XSS markings for built-in-functions (BIF) that return integers
Tracker Comment Comment on Terminology: XSS Attack by CFwatson U.
Portal Comment Comment on Input validation to avoid XSS by Charlie Arehart
Tracker Comment Comment on Terminology: XSS Attack by CFwatson U.
Should not mark some tag-specific variables as XSS (RecordCount/CurrentRow)
Portal Comment Comment on Input validation to avoid XSS by JS_Webtrax
Portal Comment Comment on Input validation to avoid XSS by Bernhard Döbler
Portal Comment Comment on Input validation to avoid XSS by Charlie Arehart
Portal Comment Comment on Input validation to avoid XSS by JS_Webtrax
Portal Comment Comment on Input validation to avoid XSS by Charlie Arehart
Tracker Comment Comment on Terminology: XSS Attack by CFwatson U.
Tracker Comment Comment on (Update 2) security analyzer does not detect xss and csrf (Japanese Ver.) by Arpit G.
Tracker Comment Comment on '"></title><InvalidTag>alert(document.cookie)</script>'"><marquee><h1>XSS Sami</h1></marquee> by External U.
Tracker Issue '"></title><InvalidTag>alert(document.cookie)</script>'"><marquee><h1>XSS Sami</h1></marquee>
Comment on Security Analyzer XSS Warning on XmlFormat HTMLEditFormat by External U.
Tracker Issue Bug 80336:(Watson Migration Closure)I'd also love to see CF add better XSS integration integration
Tracker Comment Comment on Inconsistent XSS markings for built-in-functions (BIF) that return integers by External U.
Tracker Comment Comment on Should not mark some tag-specific variables as XSS (RecordCount/CurrentRow) by S P.
Tracker Comment Comment on Should not mark some tag-specific variables as XSS (RecordCount/CurrentRow) by External U.
Tracker Comment Comment on Should not mark some tag-specific variables as XSS (RecordCount/CurrentRow) by S P.
Tracker Comment Comment on Inconsistent XSS markings for built-in-functions (BIF) that return integers by S P.
Tracker Comment Comment on Inconsistent XSS markings for built-in-functions (BIF) that return integers by External U.
Tracker Comment Comment on Inconsistent XSS markings for built-in-functions (BIF) that return integers by S P.
Tracker Comment Comment on Inconsistent XSS markings for built-in-functions (BIF) that return integers by S P.
Comment on Security Analyzer XSS Warning on XmlFormat HTMLEditFormat by External U.
OWASP Encoder Functions not XSS Safe in all contexts, eg encodeForHTML in JS
Comment on Security Analyzer XSS Warning on XmlFormat HTMLEditFormat by CFwatson U.
Tracker Issue Security Analyzer - Fails to detect XSS when variable goes through duplicate(), structAppend(), or structCopy()
Comment on Security Analyzer XSS Warning on XmlFormat HTMLEditFormat by CFwatson U.
Tracker Comment Comment on Bug 80336:(Watson Migration Closure)I'd also love to see CF add better XSS integration integration by External U.
Tracker Comment Comment on Bug 80336:(Watson Migration Closure)I'd also love to see CF add better XSS integration integration by External U.
Tracker Comment Comment on Bug 80336:(Watson Migration Closure)I'd also love to see CF add better XSS integration integration by External U.
Tracker Comment Comment on Bug 80336:(Watson Migration Closure)I'd also love to see CF add better XSS integration integration by External U.
Tracker Comment Comment on Bug 80336:(Watson Migration Closure)I'd also love to see CF add better XSS integration integration by External U.
Tracker Comment Comment on Bug 80336:(Watson Migration Closure)I'd also love to see CF add better XSS integration integration by External U.
Tracker Comment Comment on Bug 80336:(Watson Migration Closure)I'd also love to see CF add better XSS integration integration by External U.
Tracker Comment Comment on OWASP Encoder Functions not XSS Safe in all contexts, eg encodeForHTML in JS by External U.
Tracker Comment Comment on Bug 80336:(Watson Migration Closure)I'd also love to see CF add better XSS integration integration by External U.
Tracker Comment Comment on Bug 80336:(Watson Migration Closure)I'd also love to see CF add better XSS integration integration by External U.
Tracker Comment Comment on Bug 80336:(Watson Migration Closure)I'd also love to see CF add better XSS integration integration by External U.
Tracker Comment Comment on OWASP Encoder Functions not XSS Safe in all contexts, eg encodeForHTML in JS by External U.
Tracker Comment Comment on Security Analyzer - Fails to detect XSS when variable goes through duplicate(), structAppend(), or structCopy() by CFwatson U.
Tracker Comment Comment on OWASP Encoder Functions not XSS Safe in all contexts, eg encodeForHTML in JS by CFwatson U.
Tracker Comment Comment on OWASP Encoder Functions not XSS Safe in all contexts, eg encodeForHTML in JS by CFwatson U.
Tracker Comment Comment on Security Analyzer - Fails to detect XSS when variable goes through duplicate(), structAppend(), or structCopy() by CFwatson U.
Tracker Comment Comment on '"></title><InvalidTag>alert(document.cookie)</script>'"><marquee><h1>XSS Sami</h1></marquee> by External U.
Tracker Comment Comment on (Update 2) security analyzer does not detect xss and csrf (Japanese Ver.) by Arpit G.
Tracker Comment Comment on Error with reReplace when text being replaced is over a certain size. by Piyush K.
2609111 CF-3928688 Piyush K. Stephen,
You seem to have a lot of custom parameters set in your jvm config file.
Can you try bumping up the number for the -Xss parameter to, say, -Xss512k?
If that doesn't help, can you please verify whether the issue exists with the default ColdFusion jvm.config file?
Tracker Issue cookies will be corupt/session will not hold after enable secure cookie custom header to prevent xss vulnerabilities
Tracker Comment Comment on '"></title><InvalidTag>alert(document.cookie)</script>'"><marquee><h1>XSS Sami</h1></marquee> by S P.
2609140 CF-3923189 External U. Hi Suchika,
You're very welcome! Once implemented, 's XSS protection will be one of its key advantages.
Thanks!,
-Aaron
Tracker Comment Comment on cookies will be corupt/session will not hold after enable secure cookie custom header to prevent xss vulnerabilities by Norbert L.
Tracker Comment Comment on cookies will be corupt/session will not hold after enable secure cookie custom header to prevent xss vulnerabilities by S P.
Tracker Comment Comment on cookies will be corupt/session will not hold after enable secure cookie custom header to prevent xss vulnerabilities by Norbert L.
(Update 2) security analyzer does not detect xss and csrf (Japanese Ver.)
Tracker Issue bug bounty test
2608988 CF-3949694 Administrator steve borosh bug bounty test Duplicate ID: CF-3949685
veris-->group
[[" onmouseover="alert('XSS');" ]
----------------------------- Additional Watson Details -----------------------------
Watson Bug ID: 3949694
External Customer Info:
External Company
Tracker Issue bug bounty test
2608989 CF-3949693 Administrator steve borosh bug bounty test Duplicate ID: CF-3949685
veris-->group
[[" onmouseover="alert('XSS');" ]
----------------------------- Additional Watson Details -----------------------------
Watson Bug ID: 3949693
External Customer Info:
External Company
Tracker Issue bug bounty test
2608990 CF-3949692 Administrator steve borosh bug bounty test Duplicate ID: CF-3949685
veris-->group
[[" onmouseover="alert('XSS');" ]
----------------------------- Additional Watson Details -----------------------------
Watson Bug ID: 3949692
External Customer Info:
External Company
Tracker Issue bug bounty test
2608991 CF-3949691 Administrator steve borosh bug bounty test Duplicate ID: CF-3949685
veris-->group
[[" onmouseover="alert('XSS');" ]
----------------------------- Additional Watson Details -----------------------------
Watson Bug ID: 3949691
External Customer Info:
External Company
Tracker Issue bug bounty test
2608992 CF-3949690 Administrator steve borosh bug bounty test Duplicate ID: CF-3949685
veris-->group
[[" onmouseover="alert('XSS');" ]
----------------------------- Additional Watson Details -----------------------------
Watson Bug ID: 3949690
External Customer Info:
External Company
Tracker Issue bug bounty test
2608993 CF-3949689 Administrator steve borosh bug bounty test Duplicate ID: CF-3949685
veris-->group
[[" onmouseover="alert('XSS');" ]
----------------------------- Additional Watson Details -----------------------------
Watson Bug ID: 3949689
External Customer Info:
External Company
Tracker Issue bug bounty test
2608994 CF-3949688 Administrator steve borosh bug bounty test Duplicate ID: CF-3949685
veris-->group
[[" onmouseover="alert('XSS');" ]
----------------------------- Additional Watson Details -----------------------------
Watson Bug ID: 3949688
External Customer Info:
External Company
Tracker Issue bug bounty test
2608995 CF-3949687 Administrator steve borosh bug bounty test Duplicate ID: CF-3949685
veris-->group
[[" onmouseover="alert('XSS');" ]
----------------------------- Additional Watson Details -----------------------------
Watson Bug ID: 3949687
External Customer Info:
External Company
Tracker Issue bug bounty test
2608996 CF-3949686 Administrator steve borosh bug bounty test Duplicate ID: CF-3949685
veris-->group
[[" onmouseover="alert('XSS');" ]
----------------------------- Additional Watson Details -----------------------------
Watson Bug ID: 3949686
External Customer Info:
External Company
Tracker Issue bug bounty test
2608997 CF-3949685 Administrator steve borosh bug bounty test veris-->group
[[" onmouseover="alert('XSS');" ]
----------------------------- Additional Watson Details -----------------------------
Watson Bug ID: 3949685
External Customer Info:
External Company:
External Customer Name: steve
Tracker Issue bug bounty test
2608998 CF-3949678 Administrator steve borosh bug bounty test Duplicate ID: CF-3949685
veris-->group
[[" onmouseover="alert('XSS');" ]
----------------------------- Additional Watson Details -----------------------------
Watson Bug ID: 3949678
External Customer Info:
External Company
Tracker Comment Comment on '"></title><InvalidTag>alert(document.cookie)</script>'"><marquee><h1>XSS Sami</h1></marquee> by Immanuel N.
Tracker Comment Comment on bug bounty test by External U.
://bugbase.adobe.com/index.cfm?event=login&origEvent=";alert('RVRSH3LL_XSS')//
2609140 CF-3923189 External U. Here are the current attributes. Except for apiversion, format, render and encodeoutput, the remaining attributes were added b/c the extraoptions attribute allows XSS. So all plugin options needed to be added as tag attributes. The apiversion, format, render
2612744 CF-3434473 External U. You did not read the full ticket. I was not talking about encoding the entire block, only the things that were inside #'s.
http://www.dcepler.net/post.cfm/better-xss-protection-for-cfml
Also closing as "NotABug" is not appropriate for a feature request.
2612744 CF-3434473 External U. Hi Adam,
I like the concept (simplifying XSS protection - if Adobe can do it properly), but do agree the current implementation isn't desirable. The [community] discussion has been very good lately; hopefully it's not too late!
Thanks!,
-Aaron
Tracker Issue Security scanner: incorrect analysis
variables.messageWithFunction = ucase(variables.scopedMessage);
writeOutput(variables.messageWithFunction);
variables.messageFollowingGuidance = encodeForHtml(unscopedMessage);
writeOutput(variables.messageFollowingGuidance);
This line is singled-out with an XSS warning:
writeOutput(variables.messageWithFunction);
Why
Tracker Comment Comment on reReplaceNoCase is throwing a java.lang.StackOverflowError at org.apache.oro.text.regex.Perl5Matcher when using Java 1.8 by Milan C.
2608196 CF-4165797 Milan C. The reReplaceNoCase method internally makes recursive calls for your regex; the bigger your text is, the bigger the stack (for the recursive calls) it will create.
Java sets a default value for the maximum size of the stack, which you can increase in the jvm.config file using the "-Xss" property.
Tracker Issue While flagging certain functions that return strings, it should be flagged as error instead of warning.
2672830 CF-4161177 Security Analyzer ext-user While flagging certain functions that return strings, it should be flagged as error instead of warning. Problem:
While flagging certain functions for XSS, it should be flagged as error instead of warning.
Method:
The functions ucase
Tracker Comment Comment on Bizzare behavior in cflayout due to change in default setting for action in cfform by Adobe D.
2614735 CF-3080158 Adobe D. Did some ad hoc testing; things are working fine.
On OWASP it is clearly mentioned:
EncodeForHTMLAttribute: This should not be used for complex attributes like href, src, style, or any of the event handlers like onmouseover.
url :
https://www.owasp.org/index.php/XSS
Portal Topic ColdFusion 2016 Security Enhancements: EncodeFor
Peter Freitag ColdFusion 2016 Security Enhancements: EncodeFor ColdFusion 2016 added a handy enhancement to make writing secure CFML code easier for developers. This enhancement helps developers protect large chunks of code from a security vulnerability known as Cross Site Scripting or XSS. What
/or their member function equivalents added in CF2016.
These all perform encoding based on the OWASP ESAPI project. As you posted another question at the same time, and I had already answered that in more detail, with links
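Worked example, added to this listing and not taken from ColdFusion or the ESAPI library: why the encoder functions are context-specific, which is the point of the "OWASP Encoder Functions not XSS Safe in all contexts, eg encodeForHTML in JS" ticket and of the EncodeForHTMLAttribute caveat quoted from OWASP above. The three encoders below are simplified JavaScript stand-ins for encodeForHTML(), encodeForHTMLAttribute() and encodeForJavaScript(); htmlDecodeAttribute() models the one browser step that matters here, HTML-decoding an attribute value before the JavaScript engine parses it. The two payloads are the ones that appear in the tracker titles on this page.

```javascript
// Added example, not ColdFusion's or ESAPI's code: simplified encoders for three output
// contexts, a model of the HTML-decoding a browser applies to attribute values before the
// JavaScript engine sees them, and checks showing why encodeForHTML() and
// encodeForHTMLAttribute() do not protect a value inside an inline event handler.

// Element text context: the characters ESAPI's HTML encoder always entity-encodes.
function encodeForHTML(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;', '/': '&#x2F;' };
  return String(s).replace(/[&<>"'/]/g, (c) => map[c]);
}

// Quoted attribute context: every non-alphanumeric character becomes a numeric reference.
function encodeForHTMLAttribute(s) {
  return String(s).replace(/[^A-Za-z0-9]/g,
    (c) => '&#x' + c.charCodeAt(0).toString(16).toUpperCase() + ';');
}

// JavaScript string-literal context: every non-alphanumeric character becomes \xHH or \uHHHH.
function encodeForJavaScript(s) {
  return String(s).replace(/[^A-Za-z0-9]/g, (c) => {
    const code = c.charCodeAt(0);
    return code < 0x100
      ? '\\x' + code.toString(16).toUpperCase().padStart(2, '0')
      : '\\u' + code.toString(16).toUpperCase().padStart(4, '0');
  });
}

// OWASP rule for event-handler attributes: encode for JavaScript first, then for the attribute.
function encodeForEventHandler(s) {
  return encodeForHTMLAttribute(encodeForJavaScript(s));
}

// What the HTML parser does to an attribute value, onmouseover="..." included, before the
// JavaScript engine ever sees it: character references are decoded back to characters.
function htmlDecodeAttribute(s) {
  const named = { amp: '&', lt: '<', gt: '>', quot: '"', apos: "'" };
  return s.replace(/&(#[xX][0-9a-fA-F]+|#[0-9]+|[a-z]+);/g, (whole, ref) => {
    if (ref[0] !== '#') return Object.prototype.hasOwnProperty.call(named, ref) ? named[ref] : whole;
    const code = /^#[xX]/.test(ref) ? parseInt(ref.slice(2), 16) : parseInt(ref.slice(1), 10);
    return String.fromCharCode(code);
  });
}

// Template: <a onmouseover="track('VALUE')">. After HTML decoding, the value must not be
// able to close the JavaScript string literal it sits in.
function inlineHandlerIsSafe(encoder, value, quote = "'") {
  const asSeenByJs = htmlDecodeAttribute(encoder(value));
  return !asSeenByJs.includes(quote);
}

// Template: <input value="VALUE">. The encoded text must not be able to close the attribute.
function quotedAttributeIsSafe(encoder, value) {
  return !encoder(value).includes('"');
}

// Payloads copied from the tracker titles on this page (the tracker's own sanitiser has
// already rewritten the opening script tag in the first one).
const TITLE_PAYLOAD = `'"></title><InvalidTag>alert(document.cookie)</script>'"><marquee><h1>XSS Sami</h1></marquee>`;
const ATTRIBUTE_PAYLOAD = `" onmouseover="alert('XSS');" `;

console.log('encodeForHTML in onmouseover:', inlineHandlerIsSafe(encodeForHTML, TITLE_PAYLOAD));                   // false
console.log('encodeForHTMLAttribute in onmouseover:', inlineHandlerIsSafe(encodeForHTMLAttribute, TITLE_PAYLOAD)); // false
console.log('encodeForJavaScript in onmouseover:', inlineHandlerIsSafe(encodeForJavaScript, TITLE_PAYLOAD));       // true
console.log('raw value in value="...":', quotedAttributeIsSafe((v) => v, ATTRIBUTE_PAYLOAD));                      // false
console.log('encodeForHTMLAttribute in value="...":', quotedAttributeIsSafe(encodeForHTMLAttribute, ATTRIBUTE_PAYLOAD)); // true
```

Both HTML encoders turn the attacker's quote into a character reference, and the browser turns it straight back into a quote when it decodes the attribute, so the single-quoted literal inside onmouseover closes early. encodeForJavaScript() leaves nothing for the HTML parser to decode, and the nested form encodeForHTMLAttribute(encodeForJavaScript(x)) is the one that survives both parsing steps in an event handler.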
Tracker Comment Comment on Values coming from in-built struct objects/tag-specific variables should not be flagged for vulnerability. by S P.
ForHTML(listing.lastName & ", " & listing.firstName)#
**listing.recordCount and listing.currentRow should not be marked as vulnerable to xss attack.
2)Other tag-specific variables should also follow this:
cfquery/cfldap/cfpop/cfsearch
queryname.CurrentRow
queryname.RecordCount
CFQUERY.ExecutionTime
CFSTOREDPROC
, it goes to Adobe documenting the change and being extremely explicit that it is not a silver bullet to preventing XSS.
2673380 CF-4126669 Security Analyzer David Epler Security Analyzer - Better information for HTMLEditFormat Prior to ColdFusion 10, the only way to escape/encode for XSS was mostly through the use of HTMLEditFormat. This function was deprecated in ColdFusion 10, when the ESAPI EncodeFor* functions
Tracker Comment Comment on Bizzare behavior in cflayout due to change in default setting for action in cfform by Adobe D.
-Dcoldfusion.encodeformaction=false system property.
This will roll back the behavior to the CF901 behavior, where we generate the form action with the script name and query parameters. This is however prone to XSS attacks and is not recommended for use. It is only for backward compatibility.
Changelist comment
GavinPickin Modernize or Die® – CFML News for August 4th, 2020 – Episode 64 For the show notes – visit the website https://cfmlnews.modernizeordie.io/episodes/modernize-or-die-cfml-news-for-august-4th-2020-episode-64 Watch the video version on YouTube at https://youtu.be/12koq9xss1s Summary Gavin
2601393 CF-3038010 Security : General Pete Freitag Bug 76211:A Attribute httponly is needed for the CFCOOKIE tag Problem:
An attribute httponly is needed for the CFCOOKIE tag. This is a security feature that makes the cookie inaccessible from JavaScript to mitigate XSS attacks. More info here: http
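Worked example, added here and not ColdFusion's code: the Set-Cookie attributes that limit what a script running in the page can do with a session cookie (HttpOnly keeps it out of document.cookie, which is exactly what the alert(document.cookie) payloads in this listing read; Secure keeps it off plain HTTP; SameSite keeps it off cross-site requests), written in JavaScript together with a small auditor for a response's Set-Cookie headers. The cookie names and the sample headers are constructed for the example.

```javascript
// Added example, not ColdFusion's code: build a Set-Cookie header for a session cookie
// with the attributes that limit what an XSS payload can reach, and audit the Set-Cookie
// headers of a response for missing attributes. Cookie names and sample headers are
// constructed for the example; CFID/CFTOKEN are the ColdFusion session identifiers.

const SESSION_COOKIES = new Set(['CFID', 'CFTOKEN', 'JSESSIONID']);

// RFC 6265: the name is a token, the value is limited to cookie-octets (no ; , " \ or space).
function buildSetCookie(name, value, opts = {}) {
  const { path = '/', maxAge, secure = true, httpOnly = true, sameSite = 'Lax' } = opts;
  if (!/^[!#$%&'*+.^_`|~0-9A-Za-z-]+$/.test(name)) throw new Error(`invalid cookie name: ${name}`);
  if (!/^[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]*$/.test(value)) throw new Error('invalid cookie value');
  const parts = [`${name}=${value}`, `Path=${path}`];
  if (maxAge !== undefined) parts.push(`Max-Age=${maxAge}`);
  if (secure) parts.push('Secure');     // never sent over plain HTTP
  if (httpOnly) parts.push('HttpOnly'); // not exposed through document.cookie
  if (sameSite) parts.push(`SameSite=${sameSite}`);
  return parts.join('; ');
}

// Parse one Set-Cookie header into the fields the audit cares about.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((p) => p.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), secure: false, httpOnly: false, sameSite: null };
  for (const attr of attrs) {
    const [key, val = ''] = attr.split('=');
    switch (key.toLowerCase()) {
      case 'secure': cookie.secure = true; break;
      case 'httponly': cookie.httpOnly = true; break;
      case 'samesite': cookie.sameSite = val.toLowerCase(); break;
      default: break; // Path, Max-Age, Expires and Domain are not checked here
    }
  }
  return cookie;
}

// One finding per missing attribute on a session cookie; other cookies are ignored.
function auditSetCookies(headers) {
  const findings = [];
  for (const header of headers) {
    const c = parseSetCookie(header);
    if (!SESSION_COOKIES.has(c.name.toUpperCase())) continue;
    if (!c.httpOnly) findings.push(`${c.name}: missing HttpOnly, readable through document.cookie`);
    if (!c.secure) findings.push(`${c.name}: missing Secure, sent over plain HTTP`);
    if (!c.sameSite || c.sameSite === 'none') findings.push(`${c.name}: SameSite absent or None, sent on cross-site requests`);
  }
  return findings;
}

// Constructed response headers: a session cookie set without protections, one built
// correctly, and a preference cookie that does not need them.
const SAMPLE_HEADERS = [
  'CFID=1234; Path=/',
  buildSetCookie('CFTOKEN', 'abc123DEF'),
  'theme=dark; Path=/; Max-Age=31536000',
];

console.log(auditSetCookies(SAMPLE_HEADERS)); // three findings, all for CFID
```

HttpOnly is a mitigation, not a fix: a script that runs in the page can still send requests that carry the cookie, so it limits session theft rather than session abuse, which is why the encoders and the analyzer findings elsewhere in this listing still matter.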
Tracker Issue Security Code Analyzer reports false positives for upload code, and repeats warnings/errors
) uploadForm.cfm (Type: Error / Security Level: High)
Your form is prone to CSRF attack
For upload and uploadall action of cffile tag , best practice is to use destination='#getTempDirectory()#'
Your code is vulnerable to XSS attack
(c) multiUpload.cfm (Type: Error / Security Level: High)
Your code
to fix XSS holes, it should not have to be added to each nested cfoutput tag.
Steps to Reproduce:
Take a query and cfoutput over it with encodefor then use the group attribute and add a nested cfoutput tag. For example:
")>
#news.title#
I also tested a case where you have a
Tracker Comment Comment on CFForm issue in CF11 by External U.
be canonicalizing each parameter name and parameter value independently.
There's some history to this:
Adobe had originally removed the default form action in CF10 (and released a hotfix to do the same for CF8 and CF9) due to XSS. However, this caused URL parameters to vanish when passed into a CF AJAX container
Tracker Comment Comment on Bizzare behavior in cflayout due to change in default setting for action in cfform by Adobe D.
2614735 CF-3080158 Adobe D. CFLayout, Ajax Tags, Security
Bug Number:CF-3080158
Reviewer:Awdhesh
Description: We stopped adding the action attribute (if not specified in the tag) for the cfform tag due to an XSS security issue. Because of this, Ajax tags which embed a cfm as a url bind fail. Fixing it. Now we
Tracker Issue Security Analyzer - CGI scope is not "Safe"
2673376 CF-4126678 Security Analyzer David Epler Security Analyzer - CGI scope is not "Safe" When running the security analyzer across attached code it should flag the use of CGI.HTTP_USER_AGENT in line 1 as XSS and line 4 as SQLi.
There are numerous items populated into CGI scope that come
2673390 CF-4126655 Security Analyzer David Epler Security Analyzer - Fails to detect variables in struct notation The security analyzer can not detect XSS or SQLi when variables are changed from scope.variablename to scope["variablename"]
----------------------------- Additional Watson
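Worked example, added here and not the Security Analyzer's own implementation: a small forward taint analysis in JavaScript over an invented statement list (not CFML syntax) that covers the gaps reported in the tickets above (CGI scope not safe, scope["name"] struct notation, values copied through duplicate(), structCopy() and structAppend()) and the over-reporting tickets earlier in the listing (integer-valued BIFs, RecordCount/CurrentRow, and the ucase()/encodeForHtml() snippet from "Security scanner: incorrect analysis"). The function-name sets and the sample program are assumptions made for the example.

```javascript
// Added example, not the ColdFusion Security Analyzer's code: a forward taint analysis
// over a simplified, invented statement list. Sources: form/url/cgi/cookie scopes and
// query data. Sinks: writeOutput. Encoders and integer-valued BIFs clean a value; every
// other function (duplicate, structCopy, ucase, ...) passes taint through.

const TAINT_SOURCES = new Set(['form', 'url', 'cgi', 'cookie']);
const SANITIZERS = new Set(['encodeforhtml', 'encodeforhtmlattribute', 'encodeforjavascript', 'encodeforurl']);
const INTEGER_BIFS = new Set(['len', 'arraylen', 'structcount', 'val']);
const SAFE_QUERY_MEMBERS = new Set(['recordcount', 'currentrow', 'columnlist', 'executiontime']);

// scope["name"], scope['name'] and SCOPE.Name all map to scope.name.
function canonical(ref) {
  return ref.replace(/\[\s*"([^"]+)"\s*\]/g, '.$1').replace(/\[\s*'([^']+)'\s*\]/g, '.$1').toLowerCase();
}

function isTainted(ref, state) {
  if (/^("[^"]*"|'[^']*'|-?\d+(\.\d+)?)$/.test(ref)) return false; // string or number literal
  const parts = canonical(ref).split('.');
  if (TAINT_SOURCES.has(parts[0])) return true;
  if (state.queries.has(parts[0])) {
    // query column data is untrusted (stored XSS); the tag-specific metadata members are not
    return !(parts.length === 2 && SAFE_QUERY_MEMBERS.has(parts[1]));
  }
  // a tainted struct taints every member reached through it
  for (let i = 1; i <= parts.length; i++) {
    if (state.tainted.has(parts.slice(0, i).join('.'))) return true;
  }
  return false;
}

function setTaint(state, ref, tainted) {
  const key = canonical(ref);
  if (tainted) state.tainted.add(key); else state.tainted.delete(key);
}

// Statement forms: {op:'assign',dst,src}  {op:'call',fn,dst?,args}  {op:'query',dst}  {op:'sink',fn,args}
function analyze(program) {
  const state = { tainted: new Set(), queries: new Set() };
  const findings = [];
  program.forEach((stmt, idx) => {
    const line = idx + 1;
    switch (stmt.op) {
      case 'query':
        state.queries.add(canonical(stmt.dst));
        break;
      case 'assign':
        setTaint(state, stmt.dst, isTainted(stmt.src, state));
        break;
      case 'call': {
        const fn = stmt.fn.toLowerCase();
        const argTaint = stmt.args.map((a) => isTainted(a, state));
        if (fn === 'structappend') {
          // structAppend(dest, src) mutates dest in place; dest inherits src's taint
          if (argTaint.slice(1).some(Boolean)) setTaint(state, stmt.args[0], true);
        } else if (stmt.dst) {
          const clean = SANITIZERS.has(fn) || INTEGER_BIFS.has(fn);
          setTaint(state, stmt.dst, !clean && argTaint.some(Boolean));
        }
        break;
      }
      case 'sink':
        for (const arg of stmt.args) {
          if (isTainted(arg, state)) findings.push({ line, sink: stmt.fn, arg, issue: 'XSS' });
        }
        break;
      default:
        throw new Error(`unknown op '${stmt.op}' at statement ${line}`);
    }
  });
  return findings;
}

// Constructed program modelled on the snippets in the tickets; the trailing comment gives
// the statement number the findings refer to.
const SAMPLE_PROGRAM = [
  { op: 'assign', dst: 'variables.scopedMessage', src: 'form["message"]' },                            // 1 bracket-notation source
  { op: 'call', fn: 'duplicate', dst: 'variables.copy', args: ['variables.scopedMessage'] },            // 2 copy keeps taint
  { op: 'call', fn: 'ucase', dst: 'variables.messageWithFunction', args: ['variables.copy'] },          // 3 string BIF keeps taint
  { op: 'call', fn: 'encodeForHTML', dst: 'variables.safeMessage', args: ['variables.scopedMessage'] }, // 4 encoder clears it
  { op: 'call', fn: 'len', dst: 'variables.messageLength', args: ['variables.scopedMessage'] },         // 5 integer BIF clears it
  { op: 'query', dst: 'listing' },                                                                      // 6
  { op: 'assign', dst: 'variables.agent', src: 'CGI.HTTP_USER_AGENT' },                                 // 7 CGI is not safe
  { op: 'sink', fn: 'writeOutput', args: ['variables.messageWithFunction'] },                           // 8 flag
  { op: 'sink', fn: 'writeOutput', args: ['variables.safeMessage'] },                                   // 9 clean
  { op: 'sink', fn: 'writeOutput', args: ['variables.messageLength'] },                                 // 10 clean
  { op: 'sink', fn: 'writeOutput', args: ['listing.recordCount'] },                                     // 11 clean
  { op: 'sink', fn: 'writeOutput', args: ['listing.lastName'] },                                        // 12 flag
  { op: 'sink', fn: 'writeOutput', args: ['variables.agent'] },                                         // 13 flag
];

console.log(analyze(SAMPLE_PROGRAM).map((f) => `statement ${f.line}: ${f.sink}(${f.arg}) is vulnerable to ${f.issue}`));
```

The analysis is deliberately conservative: an unknown function is assumed to pass taint through, and a struct that receives tainted keys via structAppend() is treated as tainted as a whole, which trades a few extra warnings for not missing the duplicate()/structCopy() cases the ticket describes.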
Tracker Issue encodeFor attribute for cfoutput, writeOutput
an easy way to protect against XSS, especially in legacy code bases.
----------------------------- Additional Watson Details -----------------------------
Watson Bug ID: 3434473
External Customer Info:
External Company:
External Customer Name: David Epler
External Customer Email:
Tracker Issue Support for CSP in CF Tags that generate JS
6821594 CF-4207244 Wishlist Support for CSP in CF Tags that generate JS Content-Security-Policy (CSP) is a browser security mechanism that allows you to restrict how resources are loaded. This offers very good protection against XSS in browsers that support it. See https
2609244 CF-3865064 External U. My JVM flags have never included "-Dcoldfusion.dbvarDependants={DSN}". My JVM flags are as follows:
-server -Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5005 -XX:MaxPermSize=192m -XX:NewRatio=4 -XX:SurvivorRatio=8 -XX:+UseCompressedOops -Xss256k