[WEBUI-1511] Own Code Static Scan : Open Redirect - Nuxeo Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: In Progress
Priority: Major
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: None
Component/s: Web UI

Epic Link:
[May 2024] Veracode Scan Result Issues
Tags:
- nxui
- nxui-triaged
Sprint:
UI - 2024-5
Story Points:
2

Description

MEDIUM - 1 Findings
CWE 601 URL Redirection to Untrusted Site ('Open Redirect')

Flaw Category: Insufficient Input Validation

Description: A web application accepts a untrusted input that specifies a link to an external site, and uses that link to generate a redirect. This enables phishing attacks.

Remediation: Always validate untrusted input to ensure that it conforms to the expected format, using centralized data validation routines when possible. Check the supplied URL against a whitelist of approved URLs or domains before redirecting.

Attached screenshot for the code details in WebUI

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

Screenshot from 2024-05-10 12-11-51.png
239 kB
2024-05-10 06:42
Screenshot 2024-05-08 at 12.28.22 PM.png
71 kB
2024-05-08 07:02

Activity

People

Assignee:

Alok Ranjan

Reporter:

Madhur Kulshrestha

Participants:

Alok Ranjan, Madhur Kulshrestha

Votes:

0 Vote for this issue

Watchers:

2 Start watching this issue

Dates

Created:

2024-05-08 06:59

Updated:

5 days ago 08:05