XSS Vulnerability in the CSSHandler.ashx - MarkitModules - Markit Community forums - Modules

NTForums

Unanswered Active Topics

Forums Search Members

XSS Vulnerability in the CSSHandler.ashx

Last Post 04 Mar 2010 02:39 AM by admin. 1 Replies.

Sort:

	Prev Next
You are not authorized to post a reply.

Author

Messages

mikepalmer User is Offline

New Member
Posts:2

03 Mar 2010 05:36 AM
We recently completed a security review of our corporate website, where we are using the Markit Slideshow module on our homepage. The security company we commissioned identified an XSS vulnerability in the Markit module specifically in the CSSHandler.ashx file. Can you confirm if a fix is available for this? Many thanks. Mike Palmer. Webmaster. Brand-Rex Ltd.

admin

Senior Member
Posts:211

04 Mar 2010 02:39 AM
Hello, Our CSS handler only loads a CSS file and replaces some tokens with the values we send to it. It does not connect to database and does not affect on any file except template.css files. I will send you source of our CSS handler right now. Please check it out and let us know if there is something XSS Vulnerability on this.

You are not authorized to post a reply.

Active Forums 4.1