[ensembl-dev] XSS Vulnerability in web frontend

Ben Warren Ben.Warren at plantandfood.co.nz
Thu Oct 9 03:53:29 BST 2014

Hi All,

I am trying to host an EnsEMBL instance which will be open to public access. I have been told (by a security audit) that there is a cross-site scripting vulnerability in the EnsEMBL frontend.

As far as I understand, this could allow the web content to be altered by a URL with markup (HTML) code in it. Is this a risk I should be worried about? Is there some documentation regarding EnsEMBL web security which I should be reading?

Kind Regards

