cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Help us improve the PTC Community by taking this short Community Survey! X

Cross Site Scripting Issue on Windchill UI

GV_10400811
1-Visitor

Cross Site Scripting Issue on Windchill UI

I am using Windchill PDMLink Release 12.0 and Datecode with CPS 12.0.1.0

During Penetration testing, getting Cross Site Scripting (XSS) vulnerability issue on one of the customized UI Pages in Windchill.

Here are the errors that I faced
During Penetration testing, when the Windchill payload is changed via burp suite tool, It is observed that user can add any alert script in the payload and send the request which will cause change in the request and making the system vulnerable to the attackers/hackers
2 REPLIES 2

It is always a good idea, for security reasons, to avoid going into detail about possible problems such as the one you are reporting.

 

Also, the user community is not the right place to write this information.

 

If you believe that a security problem exists, you should open a case to support, who will guide you in a possible temporary solution and possibly proceed to make a patch for all other users.

 

 

Marco

Hi @GV_10400811,


I wanted to see if you got the help you needed.


If so, please mark the appropriate reply as the Accepted Solution. It will help other members who may have the same question.
Please note that industry experts also review the replies and may eventually accept one of them as solution on your behalf.
Of course, if you have more to share on your issue, please pursue the conversation.

Thanks,

Catalina
PTC Community Moderator
Announcements


Top Tags