Hello,
I am trying to resolve a number of issues with cross site scripting throughout the application on various input pages.
Is there a quick and easy way to apply anti XSS measures application wide without digging into the code?
XSS Vulnerabilities
Re: XSS Vulnerabilities
Hi,
We periodically run some vulnerability tests on forma.lms. Protecting forma.lms from XSS is our first security goal.
There is a library that checks and purifies the input parameters and can be used on parameters not already checked.
Please send me a private message so we can discuss your checks and patches and incorporate your work in the official releases.
Claudio
Search the forum for answers before asking. Check the forum before posting.
---------------
Claudio Anelli
Joint Technologies - Advanced systems for information technology
http://www.joint-tech.com
---------------
Re: XSS Vulnerabilities
What is the name of this library? Is it not being used in forma now? If so, how can I enable it? If not, what is the best way to incorporate it into forma?
Re: XSS Vulnerabilities
In forma since version 1.0, and before that in docebo 4.0.5, there is the common library
lib\lib.filterinput.php
loaded by the common bootstrap.php.
The library purifies input using a custom implementation and the HTMLPurifier third-party library.
Please send the XSS vulnerabilities you found in private (and share yours), so we can analyze and fix them (with your collaboration) before sharing them publicly.
Claudio