I found a bunch of the same stuff (and more). Looks like most of it is duplicates on the same pages/attributes.
For Example, on hobbit-enadis.sh, ippattern is not validated. This shows up for me as multiple issues, but it's one root cause.
What you have to decide is how much of a risk does this really pose.
Any of the pages that allow you to change anything should be password protected and only trusted users should be able to access. There is not a SQL server behind the thing, so who cares about SQL injection. They are not going to delete your data.
Stewart
On Fri, Jun 19, 2009 at 11:18 AM, Stewart L <stewartl42 at gmail.com> wrote:
It's usually a bit more complicated that just quoting the user input. I'm actually scanning a fresh install with IBM Appscan Enterprise when you mentioned it... :)
On Fri, Jun 19, 2009 at 11:09 AM, David Cecchino < david.cecchino at datacure.com> wrote:
HP Webinspect scans of xymon show it is vulnerable to XSS , is there a way of putting quotes around the url variables/strings?
-- Stewart
An infinite number of mathematicians walk into a bar. The first one orders a beer. The second orders half a beer. The third, a quarter of a beer. The bartender says "You're all idiots", and pours two beers.
-- Stewart
An infinite number of mathematicians walk into a bar. The first one orders a beer. The second orders half a beer. The third, a quarter of a beer. The bartender says "You're all idiots", and pours two beers.