Former Member
Apr 23, 2015 at 04:13 PM

Security issues from Burp scanner

233 Views

Hi,

Please could you help fix the below mentioned security violations on https://localhost:443.

We might have to fix it from the source.

Cross-site scripting (reflected)

The value of the chartId request parameter is copied into the HTML document as plain text between tags. The payload d91e22f764 was submitted in the chartId parameter. This input was echoed unmodified in the application's response.

Cross-domain script include

<script type="text/javascript" src="https://www.google.com/jsapi">

Frameable response (potential Clickjacking)

/acceleratorservices/hop-mock
/monitoring/database
/platform/dryrun/execute
/poll
/static/js/modernizr-1.7.min.js

Credit card numbers disclosed

The following credit card number was disclosed in the response: 4111111111111111

Cacheable HTTPS response

Unless directed otherwise, browsers may store a local cached copy of content received from web servers. Some browsers, including Internet Explorer, cache content accessed via HTTPS.

HTML does not specify charset

If a web response states that it contains HTML content but does not specify a character set, then the browser may analyze the HTML and attempt to determine which character set it appears to be using.
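One way to check a captured response for the six findings listed above, so that a fix can be verified before re-running the scanner (added example, not from the original post or from Burp; the weak and hardened sample responses and the first-party host list are constructed for illustration):

```python
"""Offline audit of a captured HTTP response for the six findings quoted above (added example; constructed data)."""
import re
from urllib.parse import urlsplit

# Constructed weak response: exhibits every finding the scanner reported.
WEAK_HEADERS = {"Content-Type": "text/html", "Cache-Control": "public, max-age=3600"}
WEAK_BODY = ('<html><head><script type="text/javascript" src="https://www.google.com/jsapi">'
             '</script></head><body><h1>Chart d91e22f764"><</h1>'
             '<p>Card 4111111111111111</p></body></html>')
PROBE_PARAMS = {"chartId": 'd91e22f764"><'}  # scanner-style marker with HTML metacharacters
# Constructed hardened counterpart: output escaped, card masked, defensive headers set.
SAFE_HEADERS = {"Content-Type": "text/html; charset=UTF-8", "Cache-Control": "no-store",
                "X-Frame-Options": "DENY", "Content-Security-Policy": "frame-ancestors 'none'"}
SAFE_BODY = ('<html><head><script src="/static/js/modernizr-1.7.min.js"></script></head>'
             '<body><h1>Chart d91e22f764&quot;&gt;&lt;</h1><p>Card ************1111</p></body></html>')
FIRST_PARTY = {"", "localhost", "localhost:443"}  # assumed: scanned host only; "" = relative URL

def luhn_ok(digits):
    """Luhn checksum; separates card-like numbers from arbitrary digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def audit_response(headers, body, params, https=True):
    """Return the scanner finding names that apply to this response ([] means clean)."""
    h = {k.lower(): v for k, v in headers.items()}
    found = []
    # Reflected XSS: a parameter value containing HTML metacharacters echoed unmodified
    if any(v in body for v in params.values()):
        found.append("Cross-site scripting (reflected)")
    # Cross-domain script include: a <script src> whose host is not first-party
    srcs = re.findall(r'<script[^>]*\ssrc="([^"]+)"', body, re.I)
    if any(urlsplit(s).netloc not in FIRST_PARTY for s in srcs):
        found.append("Cross-domain script include")
    # Frameable response: neither X-Frame-Options nor CSP frame-ancestors is set
    if "x-frame-options" not in h and "frame-ancestors" not in h.get("content-security-policy", ""):
        found.append("Frameable response (potential Clickjacking)")
    # Card numbers: 13-19 digit runs that pass Luhn
    if any(luhn_ok(n) for n in re.findall(r"\b\d{13,19}\b", body)):
        found.append("Credit card numbers disclosed")
    # Cacheable HTTPS response: TLS response without Cache-Control: no-store
    if https and "no-store" not in h.get("cache-control", "").lower():
        found.append("Cacheable HTTPS response")
    # Missing charset: text/html with neither a header charset nor a <meta charset>
    ctype = h.get("content-type", "").lower()
    if ctype.startswith("text/html") and "charset=" not in ctype and "charset=" not in body.lower():
        found.append("HTML does not specify charset")
    return found
```

Running `audit_response(WEAK_HEADERS, WEAK_BODY, PROBE_PARAMS)` returns all six finding names, while the hardened pair returns an empty list.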