search : xss


Terminology: XSS Attack
XSS Bug on https://coldfusion.adobe.com
Input validation to avoid XSS
Security Analyzer XSS Warning on XmlFormat HTMLEditFormat
Comment on Input validation to avoid XSS by JS_Webtrax
Comment on Input validation to avoid XSS by Charlie Arehart
Inconsistent XSS markings for built-in-functions (BIF) that return integers
Comment on Input validation to avoid XSS by Charlie Arehart
Should not mark some tag-specific variables as XSS (RecordCount/CurrentRow)
Comment on Input validation to avoid XSS by JS_Webtrax
Comment on Input validation to avoid XSS by Bernhard Döbler
Comment on Input validation to avoid XSS by Charlie Arehart
Comment on Input validation to avoid XSS by JS_Webtrax
Comment on Input validation to avoid XSS by Charlie Arehart
Comment on (Update 2) security analyzer does not detect xss and csrf (Japanese Ver.) by Arpit G.
Comment on Security Analyzer XSS Warning on XmlFormat HTMLEditFormat by External U.
Bug 80336:(Watson Migration Closure)I'd also love to see CF add better XSS integration
Comment on Inconsistent XSS markings for built-in-functions (BIF) that return integers by External U.
Comment on Should not mark some tag-specific variables as XSS (RecordCount/CurrentRow) by S P.
Comment on Should not mark some tag-specific variables as XSS (RecordCount/CurrentRow) by External U.
Comment on Should not mark some tag-specific variables as XSS (RecordCount/CurrentRow) by S P.
Comment on Inconsistent XSS markings for built-in-functions (BIF) that return integers by S P.
Comment on Inconsistent XSS markings for built-in-functions (BIF) that return integers by External U.
Comment on Inconsistent XSS markings for built-in-functions (BIF) that return integers by S P.
Comment on Inconsistent XSS markings for built-in-functions (BIF) that return integers by S P.
Comment on Security Analyzer XSS Warning on XmlFormat HTMLEditFormat by External U.
OWASP Encoder Functions not XSS Safe in all contexts, eg encodeForHTML in JS
Comment on Security Analyzer XSS Warning on XmlFormat HTMLEditFormat by CFwatson U.
Security Analyzer - Fails to detect XSS when variable goes through duplicate(), structAppend(), or structCopy()
Comment on Security Analyzer XSS Warning on XmlFormat HTMLEditFormat by CFwatson U.
Comment on Bug 80336:(Watson Migration Closure)I'd also love to see CF add better XSS integration by External U.
Comment on Bug 80336:(Watson Migration Closure)I'd also love to see CF add better XSS integration by External U.
Comment on Bug 80336:(Watson Migration Closure)I'd also love to see CF add better XSS integration by External U.
Comment on Bug 80336:(Watson Migration Closure)I'd also love to see CF add better XSS integration by External U.
Comment on Bug 80336:(Watson Migration Closure)I'd also love to see CF add better XSS integration by External U.
Comment on Bug 80336:(Watson Migration Closure)I'd also love to see CF add better XSS integration by External U.
Comment on Bug 80336:(Watson Migration Closure)I'd also love to see CF add better XSS integration by External U.
Comment on OWASP Encoder Functions not XSS Safe in all contexts, eg encodeForHTML in JS by External U.
Comment on Bug 80336:(Watson Migration Closure)I'd also love to see CF add better XSS integration by External U.
Comment on Bug 80336:(Watson Migration Closure)I'd also love to see CF add better XSS integration by External U.
Comment on Bug 80336:(Watson Migration Closure)I'd also love to see CF add better XSS integration by External U.
Comment on OWASP Encoder Functions not XSS Safe in all contexts, eg encodeForHTML in JS by External U.
Comment on Security Analyzer - Fails to detect XSS when variable goes through duplicate(), structAppend(), or structCopy() by CFwatson U.
Comment on OWASP Encoder Functions not XSS Safe in all contexts, eg encodeForHTML in JS by CFwatson U.
Comment on OWASP Encoder Functions not XSS Safe in all contexts, eg encodeForHTML in JS by CFwatson U.
Comment on Security Analyzer - Fails to detect XSS when variable goes through duplicate(), structAppend(), or structCopy() by CFwatson U.
Comment on (Update 2) security analyzer does not detect xss and csrf (Japanese Ver.) by Arpit G.
2609111 CF-3928688 Piyush K. Stephen, You seem to have a lot of custom parameters set in your jvm config file. Can you try bumping up the number for -Xss parameter to, say, -Xss512k. If that doesn't help can you pls. verify if the issue exists with the default ColdFusion jvm.config file?
cookies will be corrupt/session will not hold after enable secure cookie custom header to prevent xss vulnerabilities
2609140 CF-3923189 External U. Hi Suchika, You're very welcome! Once implemented, 's XSS protection will be one of its key advantages. Thanks!, -Aaron
Comment on cookies will be corrupt/session will not hold after enable secure cookie custom header to prevent xss vulnerabilities by Norbert L.
Comment on cookies will be corrupt/session will not hold after enable secure cookie custom header to prevent xss vulnerabilities by S P.
Comment on cookies will be corrupt/session will not hold after enable secure cookie custom header to prevent xss vulnerabilities by Norbert L.
(Update 2) security analyzer does not detect xss and csrf (Japanese Ver.)
Tracker Issue bug bounty test
2608988 CF-3949694 Administrator steve borosh bug bounty test Duplicate ID: CF-3949685 veris-->group [[" onmouseover="alert('XSS');" ] ----------------------------- Additional Watson Details ----------------------------- Watson Bug ID: 3949694 External Customer Info: External Company
Tracker Issue bug bounty test
2608989 CF-3949693 Administrator steve borosh bug bounty test Duplicate ID: CF-3949685 veris-->group [[" onmouseover="alert('XSS');" ] ----------------------------- Additional Watson Details ----------------------------- Watson Bug ID: 3949693 External Customer Info: External Company
Tracker Issue bug bounty test
2608990 CF-3949692 Administrator steve borosh bug bounty test Duplicate ID: CF-3949685 veris-->group [[" onmouseover="alert('XSS');" ] ----------------------------- Additional Watson Details ----------------------------- Watson Bug ID: 3949692 External Customer Info: External Company
Tracker Issue bug bounty test
2608991 CF-3949691 Administrator steve borosh bug bounty test Duplicate ID: CF-3949685 veris-->group [[" onmouseover="alert('XSS');" ] ----------------------------- Additional Watson Details ----------------------------- Watson Bug ID: 3949691 External Customer Info: External Company
Tracker Issue bug bounty test
2608992 CF-3949690 Administrator steve borosh bug bounty test Duplicate ID: CF-3949685 veris-->group [[" onmouseover="alert('XSS');" ] ----------------------------- Additional Watson Details ----------------------------- Watson Bug ID: 3949690 External Customer Info: External Company
Tracker Issue bug bounty test
2608993 CF-3949689 Administrator steve borosh bug bounty test Duplicate ID: CF-3949685 veris-->group [[" onmouseover="alert('XSS');" ] ----------------------------- Additional Watson Details ----------------------------- Watson Bug ID: 3949689 External Customer Info: External Company
Tracker Issue bug bounty test
2608994 CF-3949688 Administrator steve borosh bug bounty test Duplicate ID: CF-3949685 veris-->group [[" onmouseover="alert('XSS');" ] ----------------------------- Additional Watson Details ----------------------------- Watson Bug ID: 3949688 External Customer Info: External Company
Tracker Issue bug bounty test
2608995 CF-3949687 Administrator steve borosh bug bounty test Duplicate ID: CF-3949685 veris-->group [[" onmouseover="alert('XSS');" ] ----------------------------- Additional Watson Details ----------------------------- Watson Bug ID: 3949687 External Customer Info: External Company
Tracker Issue bug bounty test
2608996 CF-3949686 Administrator steve borosh bug bounty test Duplicate ID: CF-3949685 veris-->group [[" onmouseover="alert('XSS');" ] ----------------------------- Additional Watson Details ----------------------------- Watson Bug ID: 3949686 External Customer Info: External Company
Tracker Issue bug bounty test
2608997 CF-3949685 Administrator steve borosh bug bounty test veris-->group [[" onmouseover="alert('XSS');" ] ----------------------------- Additional Watson Details ----------------------------- Watson Bug ID: 3949685 External Customer Info: External Company: External Customer Name: steve
Tracker Issue bug bounty test
2608998 CF-3949678 Administrator steve borosh bug bounty test Duplicate ID: CF-3949685 veris-->group [[" onmouseover="alert('XSS');" ] ----------------------------- Additional Watson Details ----------------------------- Watson Bug ID: 3949678 External Customer Info: External Company
://bugbase.adobe.com/index.cfm?event=login&origEvent=";alert('RVRSH3LL_XSS')//
2609140 CF-3923189 External U. Here are the current attributes. Except for apiversion, format, render and encodeoutput, the remaining attributes were added b/c the extraoptions attribute allows XSS. So all plugin options needed to be added as tag attributes. The apiversion, format, render
2612744 CF-3434473 External U. You did not read the full ticket. I was not talking about encoding the entire block only things that were inside of #'s http://www.dcepler.net/post.cfm/better-xss-protection-for-cfml Also closing as "NotABug" is not appropriate for a feature request.
2612744 CF-3434473 External U. Hi Adam, I like the concept (simplifying XSS protection - if Adobe can do it properly), but do agree the current implementation isn't desirable. The [community] discussion has been very good lately; hopefully it's not too late! Thanks!, -Aaron
.messageWithFunction = ucase(variables.scopedMessage); writeOutput(variables.messageWithFunction); variables.messageFollowingGuidance = encodeForHtml(unscopedMessage); writeOutput(variables.messageFollowingGuidance); This line is singled-out with an XSS warning: writeOutput(variables.messageWithFunction); Why
2608196 CF-4165797 Milan C. reReplaceNoCase method internally makes recursive calls on your regex; the bigger your text is, the bigger the stack (for recursive calls) it will create. Java sets some default value on maximum size of the stack which you can increase in jvm.config file using this "-Xss" property
2672830 CF-4161177 Security Analyzer ext-user While flagging certain functions that return strings, it should be flagged as error instead of warning. Problem: While flagging certain functions for XSS, it should be flagged as error instead of warning. Method: The functions ucase
2614735 CF-3080158 Adobe D. Done an ad hoc testing; things are working fine. On OWASP it is clearly mentioned. EncodeForHTMLAttribute: This should not be used for complex attributes like href, src, style, or any of the event handlers like onmouseover. url : https://www.owasp.org/index.php/XSS
Peter Freitag ColdFusion 2016 Security Enhancements: EncodeFor ColdFusion 2016 added a handy enhancement to make writing secure CFML code easier for developers. This enhancement helps developers protect large chunks of code from a security vulnerability known as Cross Site Scripting or XSS. What
/or their member function equivalents added in CF2016. These all perform encoding based on the OWASP ESAPI project. As you posted another question at the same time, and I had already answered that in more detail, with links
ForHTML(listing.lastName & ", " & listing.firstName)# **listing.recordCount and listing.currentRow should not be marked as vulnerable to xss attack. 2)Other tag-specific variables should also follow this: cfquery/cfldap/cfpop/cfsearch queryname.CurrentRow queryname.RecordCount CFQUERY.ExecutionTime CFSTOREDPROC
, it goes to Adobe documenting the change and being extremely explicit that it is not a silver bullet to preventing XSS.
2673380 CF-4126669 Security Analyzer David Epler Security Analyzer - Better information for HTMLEditFormat Prior to ColdFusion 10, the only way to escape/encode for XSS was mostly through the use of HTMLEditFormat. This function was deprecated when in ColdFusion 10 the ESAPI EncodeFor* functions
-Dcoldfusion.encodeformaction=false system property. This will roll back the behavior to CF901 behavior where we will generate the form action with script name and query parameters. This is however prone to XSS attacks and is not recommended for use. It is only for backward compatibility. Changelist comment
GavinPickin Modernize or Die® – CFML News for August 4th, 2020 – Episode 64 For the show notes – visit the website https://cfmlnews.modernizeordie.io/episodes/modernize-or-die-cfml-news-for-august-4th-2020-episode-64 Watch the video version on YouTube at https://youtu.be/12koq9xss1s Summary Gavin
2601393 CF-3038010 Security : General Pete Freitag Bug 76211:A Attribute httponly is needed for the CFCOOKIE tag Problem: A Attribute httponly is needed for the CFCOOKIE tag. This is a security feature that makes the cookie inaccessible from JavaScript to mitigate XSS attacks. More info here: http
) uploadForm.cfm (Type: Error / Security Level: High) Your form is prone to CSRF attack For upload and uploadall action of cffile tag , best practice is to use destination='#getTempDirectory()#' Your code is vulnerable to XSS attack (c) multiUpload.cfm (Type: Error / Security Level: High) Your code
to fix XSS holes, it should not have to be added to each nested cfoutput tag. Steps to Reproduce: Take a query and cfoutput over it with encodefor then use the group attribute and add a nested cfoutput tag. For example: ")> #news.title# I also tested a case where you have a
be canonicalizing each parameter name and parameter value independently. There's some history to this: Adobe had originally removed the default form action in CF10 (and released a hotfix to do the same for CF8 and CF9) due to XSS. However, this caused URL parameters to vanish when passed into a CF AJAX container
2614735 CF-3080158 Adobe D. CFLayout, Ajax Tags, Security Bug Number:CF-3080158 Reviewer:Awdhesh Description: We stopped adding action (if not specified in tag) attribute for cfform tag due to XSS Security issue. Due to this Ajax tags which embed a cfm as a url bind, fails. Fixing it. Now we
2673376 CF-4126678 Security Analyzer David Epler Security Analyzer - CGI scope is not "Safe" When running the security analyzer across attached code it should flag the use of CGI.HTTP_USER_AGENT in line 1 as XSS and line 4 as SQLi. There are numerous items populated into CGI scope that come
2673390 CF-4126655 Security Analyzer David Epler Security Analyzer - Fails to detect variables in struct notation The security analyzer can not detect XSS or SQLi when variables are changed from scope.variablename to scope["variablename"] ----------------------------- Additional Watson
an easy way to protect against XSS, especially in legacy code bases. ----------------------------- Additional Watson Details ----------------------------- Watson Bug ID: 3434473 External Customer Info: External Company: External Customer Name: David Epler External Customer Email:
6821594 CF-4207244 Wishlist Support for CSP in CF Tags that generate JS Content-Security-Policy (CSP) is a browser security mechanism that allows you to restrict how resources are loaded. This offers a very good protection from XSS in browsers that support it. See https
2609244 CF-3865064 External U. My JVM flags have never included "-Dcoldfusion.dbvarDependants={DSN}". My JVM flags are as follows: -server -Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5005 -XX:MaxPermSize=192m -XX:NewRatio=4 -XX:SurvivorRatio=8 -XX:+UseCompressedOops -Xss256k