Cross-Site Scripting Rad Script Manager

2 posts, 0 answers
  1. Wes
    5 posts
    Member since:
    May 2009

    Posted 14 Jul 2015

    I am using version 2013.2.717.45 and I had my site run through vulnerability testing. I am having cross-site vulnerability issues returning in the following.

    • /ScriptResource.axd?d=fIXfSCXDMdPOprM9upV31XCUh62H5BipU6bxHY6xdjYTSrzQmRd9QwKEyqJFHKEwgm3o5vRI0pJt4iTihK7FQBev74pUlBqXZJolifFQvDTGJqbLKP3rNEwqpoXpU4nsux0-jz-eaK8oilloSHbU-0eRp3DtfizXDI7fxLUIUXjTOBqWuWjxs1AQv9ops3oo0%3c%73%43%72%49%70%54%3e%61%6c%65%72%74%28%38%36%32%38%36%29%3c%2f%73%43%72%49%70%54%3e&t=7b689585
    • /Telerik.Web.UI.WebResource.axd?_TSM_HiddenField_=ctl00_body_ctl00_RadScriptManager1_TSM&compress=1%3c%73%43%72%49%70%54%3e%61%6c%65%72%74%28%38%38%35%37%35%29%3c%2f%73%43%72%49%70%54%3e&_TSM_CombinedScripts_=%3b%3bSystem.Web.Extensions%2c+Version%3d4.0.0.0%2c+Culture%3dneutral%2c+PublicKeyToken%3d31bf3856ad364e35%3aen-US%3a88fd0407-24cf-4abd-9df5-22f81b2bc835%3aea597d4b%3ab25378d2%3bTelerik.Web.UI%2c+Version%3d2013.2.717.45%2c+Culture%3dneutral%2c+PublicKeyToken%3d121fae78165ba3d4%3aen-US%3a4401a8f1-5215-4b97-a426-3601ce0fa0ff%3a16e4e7cd%3af7645509%3a24ee1bba%3af46195d3%3a2003d0b8%3a1e771326%3ae524c98b
    • /WebResource.axd?d=tvqaHeB_Qt6zlKxTjYmoVdBW9yFJob_NmsiT_jdYw1zX4QCRSLPZgwcQSiQpYWUKIHv_83YEJDhygbkITIqehXr1RrMZyc74nbt80GwoXh7OYkp_fEXBR5cez42Mn6r28jqsiLbDqWqk4aJsTIOD3Q2%3c%73%43%72%49%70%54%3e%61%6c%65%72%74%28%35%38%35%31%36%29%3c%2f%73%43%72

    Is there a setting that I am missing to prevent these issues from occurring?

    Thanks,

     Wes
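
Added example (not part of the original post, and not Telerik code): a triage helper that decodes request URLs like the ones reported above, shows which query parameter carries the scanner's appended probe, and classifies whether a response echoes that probe raw or HTML-encoded. The sample URLs are shortened, constructed versions of the reported ones (the `d` token is a placeholder), the response bodies are constructed, and the function names are hypothetical.

```python
import html
from urllib.parse import urlsplit, parse_qsl

# Percent-encoded probe bytes as they appear in the first reported URL.
PROBE = ("%3c%73%43%72%49%70%54%3e%61%6c%65%72%74%28%38%36%32%38%36%29"
         "%3c%2f%73%43%72%49%70%54%3e")

# Constructed sample requests: the d token is a placeholder, not a real value.
SAMPLE_URLS = [
    "/ScriptResource.axd?d=PLACEHOLDER_TOKEN" + PROBE + "&t=7b689585",
    "/Telerik.Web.UI.WebResource.axd?_TSM_HiddenField_=ctl00_body_ctl00"
    "_RadScriptManager1_TSM&compress=1" + PROBE,
    "/WebResource.axd?d=PLACEHOLDER_TOKEN&t=7b689585",  # untouched request
]

def injected_params(url):
    """Return (param, value_before_probe, decoded_probe) for every query
    parameter whose decoded value contains an angle bracket."""
    findings = []
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        hits = [i for i in (value.find("<"), value.find(">")) if i != -1]
        if hits:
            cut = min(hits)  # also handles a probe that was cut off mid-tag
            findings.append((name, value[:cut], value[cut:]))
    return findings

def reflection_state(probe, body):
    """Classify how a response body echoes the decoded probe."""
    if probe in body:
        return "reflected-raw"        # markup reaches the page unencoded
    if html.escape(probe) in body:
        return "reflected-encoded"    # echoed, but neutralised as text
    return "not-reflected"

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(url.split("?")[0], injected_params(url))
    probe = injected_params(SAMPLE_URLS[0])[0][2]
    # Constructed response bodies, one per outcome.
    for body in ("<p>Invalid value " + probe + "</p>",
                 "<p>Invalid value " + html.escape(probe) + "</p>",
                 "<p>Resource not found</p>"):
        print(reflection_state(probe, body))
```

Only a `reflected-raw` result on the actual response to the probed request indicates the markup is being written back unencoded; the other two outcomes point to the scanner flagging the request rather than the response.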

  2. Peter Filipov
    Admin
    1028 posts

    Posted 17 Jul 2015

    Hello Wesley,

    Could you please provide us with the sample project which you have tested? Also, please give us more information about the tool that you used to test the application.

    Regards,
    Peter Filipov
    Telerik