[ensembl-dev] XSS Vulnerability in web frontend
Ben Warren
Ben.Warren at plantandfood.co.nz
Thu Oct 9 03:53:29 BST 2014
Hi All,
I am trying to host an EnsEMBL instance which will be open to public access. I have been told (by a security audit) that there is a cross-site scripting vulnerability in the EnsEMBL frontend.
As far as I understand, this could allow the web content to be altered by a URL with markup (HTML) code in it. Is this a risk I should be worried about? Is there some documentation regarding EnsEMBL web security which I should be reading?
Kind Regards
Benjamin