Activity

From 23 June 2023 to 22 July 2023

05 July 2023

09:15 AM Bug #16601 (Closed): [MW-1 & MW-4][BE] Stored Cross-Site Scripting (XSS)
Tested good by Feerman Nor Khairun Aqila Jesmen

03 July 2023

05:36 PM Bug #16601 (Resolved): [MW-1 & MW-4][BE] Stored Cross-Site Scripting (XSS)
Issued fixed
1. all *userId* in Administrator User Profile & user information were encoded at URL and source code.
... See Pin Leng
05:27 PM Bug #16601 (In Progress): [MW-1 & MW-4][BE] Stored Cross-Site Scripting (XSS)
Issue:
at the System Information, have user information on the URL. And from there, when click back to the user info... Nor Khairun Aqila Jesmen

26 June 2023

02:09 PM Bug #16602 (Resolved): [MW-2][BE] Poor Error Handling
CHANGES (SYSTEM OWNER AND MERCHANT)
# Create new ServerInfo.properties file in new created folder(s) /lib/org/apac... Nur Azza Syazwany Azizol
12:09 PM Bug #16602 (In Progress): [MW-2][BE] Poor Error Handling
To display customized screen when hit error 400,404,500
Error message either
Invalid browser action
or
Inva... Nor Khairun Aqila Jesmen
11:48 AM Bug #16602: [MW-2][BE] Poor Error Handling
Attached updated document v1.1 Nur Azza Syazwany Azizol
11:41 AM Bug #16602 (Resolved): [MW-2][BE] Poor Error Handling
Modify web.xml:
1. Add
<error-page>
<error-code>400</error-code>
<location>/cc_iam/WEB-INF/vm/400.vm</location>... Nur Azza Syazwany Azizol
09:44 AM Bug #16603 (Resolved): [MW-9][BE] Sensitive Field Forms Autocomplete
Path: cc_iam/src/main/webapp/WEB-INF/vm/user/userProfile
VM file changes:
1. userProfileDetail.vm
2. userProfile... Nur Azza Syazwany Azizol
 

Also available in: Atom