1-Visitor
July 23, 2024
Question

Cross Site Scripting Issue on Windchill UI

I am using Windchill PDMLink Release 12.0 and Datecode with CPS 12.0.1.0

During penetration testing, I am getting a Cross Site Scripting (XSS) vulnerability issue on one of the customized UI pages in Windchill.

Here are the errors that I faced:
During penetration testing, when the Windchill payload is changed via the Burp Suite tool, it is observed that a user can add any alert script in the payload and send the request, which will cause a change in the request and make the system vulnerable to attackers/hackers.

    2 replies

    Marco Tosin
    21-Topaz I
    July 23, 2024

    It is always a good idea, for security reasons, to avoid going into detail about possible problems such as the one you are reporting.

    Also, the user community is not the right place to write this information.

    If you believe that a security problem exists, you should open a case to support, who will guide you in a possible temporary solution and possibly proceed to make a patch for all other users.

    Marco

    Catalina
    Community Moderator
    July 26, 2024

    Hi @GV_10400811,


    I wanted to see if you got the help you needed.


    If so, please mark the appropriate reply as the Accepted Solution. It will help other members who may have the same question.
    Please note that industry experts also review the replies and may eventually accept one of them as solution on your behalf.
    Of course, if you have more to share on your issue, please pursue the conversation.

    Thanks,

    Catalina | PTC Community Moderator