Galaxy prone to XSS and HTML injection attacks - galaxy-dev - lists.galaxyproject.org

newer
Galaxy Local Installation Issue

Galaxy prone to XSS and HTML injection attacks

older
Re: [galaxy-dev] [galaxy-user]...

Paul, Rohit (NIH/NCI) [C]

19 Mar 2011 19 Mar '11

10:37 a.m.

We recently ran a Nessus vulnerability scan against our server that hosts a local installation of Galaxy. The scan report showed that the web application is vulnerable to XSS and HTML injection attacks. In order to determine if/when these vulnerabilities will be fixed, where should I either send or post the scan results? -Rohit

Attachments:

attachment.htm (text/html — 1.9 KB)

Reply

Sign in to reply online Use email software

Show replies by date

Dannon Baker

19 Mar 19 Mar

2:44 p.m.

I'd be happy to review the scan results, feel free to send them to me. I'll share it with the rest of the team as well. Thanks! -Dannon On Mar 19, 2011, at 11:37 AM, Paul, Rohit (NIH/NCI) [C] wrote:

We recently ran a Nessus vulnerability scan against our server that hosts a local installation of Galaxy. The scan report showed that the web application is vulnerable to XSS and HTML injection attacks. In order to determine if/when these vulnerabilities will be fixed, where should I either send or post the scan results?

-Rohit

___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at:

http://lists.bx.psu.edu/

Reply

Sign in to reply online Use email software

5027

Age (days ago)

5027

Last active (days ago)

Download

1 comments

2 participants

tags

participants (2)

Dannon Baker
Paul, Rohit (NIH/NCI) [C]