Cross-site Script vulnerability in WebResource.axd

2 posts, 1 answers
  1. Paal Graf
    Paal Graf avatar
    1 posts
    Member since:
    Aug 2009

    Posted 30 Nov 2011 Link to this post

    We have found a Xss vulnerability in the Telerik.Web.UI.WebResource.axd [_TSM_CombinedScripts_ parameter], where it is possible to edit the javascript. We are currently using an older version of the library (2009.3.1103.20). Can anyone confirm that this issue is fixed in the latest release, and in what version was this issue solved?
  2. Answer
    Simon avatar
    2281 posts

    Posted 01 Dec 2011 Link to this post

    Hi Paal Graf,

    We have made fixes in this area however I cannot give you a precise date when they happened. Please test with the latest trial version of Telerik.Web.UI and provide the specific error message about the vulnerability.

    All the best,
    the Telerik team
    If you want to get updates on new releases, tips and tricks and sneak peeks at our product labs directly from the developers working on the RadControls for ASP.NET AJAX, subscribe to their blog feed now
Back to Top