DOMXSS vulnerability/EN

Aus Siwecos
Version vom 3. April 2019, 16:06 Uhr von Siwebot (Diskussion | Beiträge)
(Unterschied) ← Nächstältere Version | Aktuelle Version (Unterschied) | Nächstjüngere Version → (Unterschied)
Wechseln zu: Navigation, Suche

Checking the JavaScript code for DOMXSS sinks

If the result is positive, there is no need for further action. If the result is negative, please read the following instructions.

Result positive No unsafe code components for DOMXSS sinks were recognized in an automatic check.
Result negativ Unsafe JavaScript code used (sinks).
Description At least one code segment was found by scanning your website that may, under certain circumstances, indicate a DOM-based cross-site scripting vulnerability. This segment can be a security flaw on your website.
Background Cross-Site-Scripting is a method of manipulating and infiltrating the HTML code on your website. It allows an attacker to send scripts indirectly to your visitor's browser and to execute malicious code on the side of the visitor.
Consequence Cross-site scripting allows criminals to store malicious code on your website. This code can infect your visitors or customers and thus cause severe harm, for example if the malicious code leads to the installation of a ransomware in their company's network. In this case you could be held liable for the damage. IT security companies could list you on their index of dangerous websites and thus prevent access to your website for security reasons. The information that your website contains/contained malicious code can still be found by search engines, even many years after the malicious code was removed. If your website is listed on such a blacklist, you may no longer be able to receive or send emails, because your entire network and the IP would be rated as a security risk to others.
Solution/Tips If unsafe JavaScript code was reported, the web application may be vulnerable to so-called DOMXSS attacks.

The check result can only be taken as an indication of security flaws. Further tests are necessary to confirm that there are vulnerabilities on the website.