Hey,

We ran the app security scan on one of our applications. Most of the high-risk issues found are related to the BIRT Viewer. The viewer is deployed on the Oracle Java Web Server (HTTPS). Is there any easy way we could mitigate the risk? I am thinking of using the API or the taglib, but those may limit the ability to display any customized report.

Any insight or advice is much appreciated!!!!

Below is the actual scan report.

[1] Cross-Site Scripting
Severity: High
Test Type: Application
Vulnerable URL: https://xserver/birt/run (Parameter = __report)
Remediation Tasks: Filter out hazardous characters from user input

The following changes were applied to the original request:
• Set parameter '__report's value to '>%22%27><img%20src%3d%22javascript:alert(234029)%22>'

Validation In Response:
• : /opt/sun/webserver7/https-xserver/web-app/https-xserver/birt/>"'><img src="javascript:alert(234029)"> does not exist or contains errors.
at org.eclipse.birt.report.context.ViewerAttributeBean.getDes
Reasoning:
The test successfully embedded a script in the response, which will be executed once the page is loaded in the user's browser. This means that the application is vulnerable to the Cross-Site Scripting attack.
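One way to close the reported hole without moving to the API or the taglib, shown here as an added example that is not part of this post and not BIRT's own code: a servlet filter in front of the viewer that rejects any __report value outside a strict allow-list, so the characters the scanner injected never reach the error message that echoes the value back. The class name, the pattern and the suggested web.xml mapping (/birt/*) are assumptions for illustration.

```java
import java.io.IOException;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Servlet filter that allow-lists the BIRT viewer's __report parameter before
 * the viewer servlet can echo it back in an error message. Map it in web.xml
 * to the viewer URLs (e.g. /birt/*; an assumption, adjust to your mappings).
 */
public class ReportParamFilter implements Filter {
    // Hypothetical policy: a relative path of word characters, dots, dashes and
    // slashes ending in .rptdesign. Anything with < > " ' % or whitespace fails.
    private static final Pattern SAFE_REPORT =
        Pattern.compile("^[A-Za-z0-9_][A-Za-z0-9_./-]{0,199}\\.rptdesign$");

    /** Returns true only when the value is a plausible report design name. */
    static boolean isSafeReportName(String value) {
        if (value == null) {
            return true;           // absent parameter: let the viewer decide
        }
        // Also reject parent-directory segments so the value can only name a
        // file below the viewer's report folder.
        return SAFE_REPORT.matcher(value).matches() && !value.contains("..");
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        // The container has already URL-decoded the value, so %22 arrives as ".
        String report = request.getParameter("__report");
        if (!isSafeReportName(report)) {
            // Fixed message: never echo the rejected value back to the browser.
            response.sendError(HttpServletResponse.SC_BAD_REQUEST,
                               "Invalid __report parameter");
            return;
        }
        chain.doFilter(req, res);
    }

    @Override public void init(FilterConfig config) { }
    @Override public void destroy() { }
}
```

The filter only protects the URL patterns it is mapped to, so every viewer servlet that accepts __report needs to sit behind it.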