Page 1 of 1

Cross-site scripting?

Posted: Thu Oct 29, 2015 3:12 pm
by rainwadj
Our information security group has informed me that our Cmap Server, version 5.05, is being hit with a cross-site scripting attack, whereby visitors to a site somewhere else are being redirected through our Cmap Server to some other site or sites, usually some kind of ad site. Has anyone else seen this? Is there a way to plug this hole?


Re: Cross-site scripting?

Posted: Fri Oct 30, 2015 10:59 am
by cmapadmin
First, we recommend that you update the CmapServer to the latest version.

Can you provide more information? Is this being done through the URL resources in the CmapServer? Is your CmapServer open to anybody to save resources?

We haven't had this issue reported earlier.