document-server-integration

Vulnerability detected CWE ID 80 in version 99.99.99.2378

Open TatianaGarcia94 opened this issue 3 years ago • 6 comments

In the paths:

  • document-server-integration/web/documentserver-example/php/doceditor.php lines 295, 47, 49, 48
  • document-server-integration/web/documentserver-example/php/index.php lines 146, 151, 156, 191, 203, 208, 213, 217, 223, 229

Vulnerability name: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Detection method: A static scan was performed, which flagged the mentioned line as a vulnerability according to security standards.

TatianaGarcia94 avatar Apr 01 '21 02:04 TatianaGarcia94

Hi, I've shown your issue to our dev team, thanks.

Is this result of some kind of vulnerability scan app?

ShockwaveNN avatar Apr 01 '21 07:04 ShockwaveNN

Dear, I understand that it is a development version, but in the latest version that is available to the public for use, the vulnerabilities mentioned are present. The vulnerability was detected through a Veracode code analysis application.

TatianaGarcia94 avatar Apr 01 '21 14:04 TatianaGarcia94

I understand that it is a development version

I'm not saying there are no vulnerabilities, I've just asked about the scanner tool.

Veracode it is

ShockwaveNN avatar Apr 01 '21 15:04 ShockwaveNN

Yes, it is Veracode.

TatianaGarcia94 avatar Apr 01 '21 15:04 TatianaGarcia94

document-server-integration/web/documentserver-example/php/doceditor.php lines 47, 49, 48

I looked at the indicated places and did not find anything potentially dangerous.

LinneyS avatar Apr 06 '21 10:04 LinneyS

document-server-integration/web/documentserver-example/php/doceditor.php lines 295

Removed unused parameters.

document-server-integration/web/documentserver-example/php/index.php lines 146, 151, 156, 191, 203, 208, 213, 217, 223, 229

I confirm the vulnerability.

LinneyS avatar Apr 06 '21 10:04 LinneyS