Details

    • Team:
      Team D
    • Sprint:
      Sprint 8, Sprint 9, Sprint 10, Sprint 11, Sprint 12, Sprint 13, Sprint 14, Sprint 15, Sprint 32, Sprint 33, Sprint 34
    • Story Points:
      1

      Description

      Our VA NSOC WASA team has found 2 High Findings during a WASA security scan and needs assistance from Zabbix to address the findings.

      1. Web Application is Vulnerable to Stored Cross-Site Scripting (XSS) Attacks

      1.	Log in to the Zabbix application
      2.	Navigate to Maps > Create Map > Add Icon > Add Link > URL: Name: test, URL: javascript:alert('eas')
      3.	Update Map
      4.	Return to Map
      5.	Click created icon
      6.	Observe JavaScript POC.
      

      2. Web Application is Vulnerable to Cross-Site Request Forgery (CSRF)

      1.	Log on to Application
      2.	Navigate to Administration --> Users --> Create Users
      3.	Click attached html
      4.	Observe new user added
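
      For finding 1, the class of fix is a scheme allowlist applied to the stored link URL when it is saved and again when it is rendered. The block below is an added example, not code from this report or from Zabbix; the function names, the allowed schemes and the base URL are assumptions made for illustration.

```javascript
// Added example: allowlist check for user-supplied link URLs (all names hypothetical).
const ALLOWED_SCHEMES = new Set(["http:", "https:", "mailto:"]); // assumed policy
const BASE = "https://monitoring.example/"; // constructed base for relative URLs

// Parse the way a browser would before following an href, then check the
// resulting scheme. The WHATWG parser lowercases the scheme and drops leading
// whitespace and embedded tabs/newlines, so string-prefix tests are not needed.
function isSafeLinkUrl(raw) {
  if (typeof raw !== "string" || raw.trim() === "") return false;
  let parsed;
  try {
    parsed = new URL(raw, BASE);
  } catch {
    return false; // unparseable input is rejected, not passed through
  }
  return ALLOWED_SCHEMES.has(parsed.protocol);
}

function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Re-check at render time as well: rows stored before the save-time check
// existed may still hold a script URL.
function renderLink(name, url) {
  const label = escapeHtml(name);
  if (!isSafeLinkUrl(url)) return `<span>${label}</span>`;
  return `<a href="${escapeHtml(url)}" rel="noopener">${label}</a>`;
}

// Constructed sample inputs; the first is the value from the report.
const samples = [
  "javascript:alert('eas')",
  " JavaScript:alert('eas')",
  "https://wiki.example/runbook?id=7&v=2",
  "docs/runbook.html",
  "mailto:noc@example.org",
];
for (const url of samples) {
  console.log(JSON.stringify(url), "->", renderLink("test", url));
}
```

      Rejected URLs render as plain text, so a map element saved with a script URL stays visible to an administrator for cleanup without being clickable.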
      

              People

              • Assignee:
                gcalenko Gregory Chalenko
              • Reporter:
                eric.lutjen Eric Lutjen
              • Votes:
                0
              • Watchers:
                11
