Vulnerability issues related to Core.js

  • Question

  • Hi Team,

    After a security scan, the security issues below were reported against the core.js file.

    Background: 

    SharePoint Version: MOSS 2007 with SP1

    OS: Win 2003 64-bit

    Line 4470:Unsafe client output setting document.cookie to tainted value

    Line 4470:String concatenation with user-controlled value

    Line 2872:Assignment of "path" to user-controlled value

    Line 2872:String concatenation with user-controlled value

    Line 2872:String concatenation with user-controlled value

    Line 2872:String concatenation with user-controlled value

    Line 2872:String concatenation with user-controlled value

    Line 2872:String concatenation with user-controlled value

    Line 2872:String concatenation with user-controlled value

    Line 2872:String concatenation with user-controlled value

    Line 2872:String concatenation with user-controlled value

    Line 2855:Assignment of "path" to user-controlled value

    Line 2855:String concatenation with user controlled value

    Line 2855:String concatenation with user-controlled value

    Line 2855:String concatenation with user-controlled value

    Line 2855:String concatenation with user-controlled value

    Line 2855:String concatenation with user-controlled value

    Line 2844:Initialization of "source" from user-controlled value

    Line 2844:"window.location.href" is controlled by the user

    NOTE: we have NOT customized this file.

    Please advise us on how we can address these issues.

    Please let us know if any other info is required.


    Muralidharan

    Thursday, November 7, 2013 11:49 AM

All replies

  • Hi ,

    We are also facing the same issue. Please let us know the fix to avoid XSS.

    Regards,

    Kiran Kumar Maalay

    Friday, November 8, 2013 4:55 AM