I ran the HP Fortify tool to check for vulnerable code in our application code base, and it reported a cross-site scripting security issue in the RadAjaxNamespace.js file. The details of the scan finding are below. Please let us know how we can fix this issue, as the method appears to be vulnerable to cross-site scripting attacks.
Abstract: The method l1b() in RadAjaxNamespace.js sends unvalidated data to a web browser
on line 1, which can result in the browser executing malicious code.
Source: RadAjaxNamespace.js:1 Read ~localScope.oe.responseText()
-1 ( function (){ob=25; if (typeof(window.RadAjaxNamespace)=="undefined" ||
typeof(window.RadAjaxNamespace.Version)=="\x75\x6e\x64efin\x65\x64" ||
window.RadAjaxNamespace.Version<ob){window.RadAjaxNamespace=
{Version:ob,IsAsyncResponse: false ,LoadingPanels:{} ,ExistingScripts:{} ,IsInRequest:
false ,MaxRequestQueueSize: 5 } ; var AjaxNS=window.RadAjaxNamespace;
AjaxNS.EventManager= {Ob:null,lb:function (){try {if (this.Ob==null){ this.Ob=[];
AjaxNS.EventManager.Add(window,"\165nload",this.ib); }}c...
0 if (typeof(Sys) != "undefined"){if (Sys.Application != null &&
Sys.Application.notifyScriptLoaded != null){Sys.Application.notifyScriptLoaded();}}
Abstract: The method l1b() in RadAjaxNamespace.js sends unvalidated data to a web browser
on line 1, which can result in the browser executing malicious code.
Source: RadAjaxNamespace.js:1 Read ~localScope.oe.responseText()
-1 ( function (){ob=25; if (typeof(window.RadAjaxNamespace)=="undefined" ||
typeof(window.RadAjaxNamespace.Version)=="\x75\x6e\x64efin\x65\x64" ||
window.RadAjaxNamespace.Version<ob){window.RadAjaxNamespace=
{Version:ob,IsAsyncResponse: false ,LoadingPanels:{} ,ExistingScripts:{} ,IsInRequest:
false ,MaxRequestQueueSize: 5 } ; var AjaxNS=window.RadAjaxNamespace;
AjaxNS.EventManager= {Ob:null,lb:function (){try {if (this.Ob==null){ this.Ob=[];
AjaxNS.EventManager.Add(window,"\165nload",this.ib); }}c...
0 if (typeof(Sys) != "undefined"){if (Sys.Application != null &&
Sys.Application.notifyScriptLoaded != null){Sys.Application.notifyScriptLoaded();}}