Vulnerability Assessment & Penetration Testing - Cross Site Scripting

Nick26

I have recently had a Vulnerability Assessment done on my AwareIM application.

A few things have been rated at high. I'm not really sure on how these would be fixed and if its something I've done on my application!

Would anyone be willing to go over the assessment and give me some guidance? I'd rather not post it in an forum

Just out of curiosity, has anyone else had vulnerability testing done on their site?

These are the main things:
Vulnerability: Cross Site Scripting
Vulnerability: Out of date Version (jQuery UI Tooltip)
Vulnerability: Missing X-Frame-Options Header

Thanks
Nick

hpl123

Hi Nick,
I don't know very much about this and understand why you don't want to share this publicly but is important for all of us. Whatever more info you can share about vunerabilities and fixing them would be appreciated. What particular service did you use for the testing, would be good for us to be able to look into this ourselves. Another thing, send the report to Vlad and he will hopefully look into patching and fixing things in the Aware solution.

aware_support

Which version of Aware IM are you using? A few people have gone through the formal testing using an independent company and all vulnerability issues have been fixed to the best of our knowledge (including cross-site scripting)

Nick26

I'm running 8.5 (build 2829), so probably need to upgrade. Which looks like I can do now I have some potential users!

Can I send you through the assessment to have a look at? Happy to pay for some support to help me sort it out!

Nick