
Our company had a security scan done on our software that is running AspNetBoilerplate (Abp 2.0.2.0) and AspNet Zero as the framework.

The scan found three occurrences of Server-side JavaScript code injection in cookies (RequestVerificationToken, XSRF-TOKEN, AspNet.ApplicationCookie).

I was wondering how I can investigate further and remediate when it is in the framework?

Has anyone else had a security scan done and encountered these and, if so, are they false positives?

jazb
  • That's (1) at best, vague — how is it injected, (2) not ABP-specific cookies, and (3) a 1.5-year outdated version of the framework and base solution. – aaron Nov 08 '18 at 15:46
  • A Google search on `XSRF-TOKEN` will give you ammo to show it is a measure that `prevents` XSS. – jazb Nov 09 '18 at 02:24

0 Answers