
TOPIC: Failed Security Scan - :dry: - Version 2.00+ Build 131022

Failed Security Scan - :dry: - Version 2.00+ Build 131022 2 years 7 months ago #103278

  • DenisChenu
  • Moderator Lime
You give me all the information I need :).

For Acunetix: no time actually (and I can only use the unregistered version, and I think it doesn't work on Linux :) ).

To test with the patch: you can download directly from GitHub: github.com/LimeSurvey/LimeSurvey/archive/master.zip
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time (Say thanks?).
A bug not reported is a bug not corrected. | Please, read the documentation | The French documentation needs you

Failed Security Scan - :dry: - Version 2.00+ Build 131022 2 years 7 months ago #103619

  • mas_carpone
Dear Denis, Colleagues,

Unfortunately the test has highlighted further issues related to cross site scripting (grrrrrrr!).
I think, unfortunately, since my IT department cannot link up directly with you, I have everybody lose a lot of time on this... :(

We are trying to secure the help of a consultant on this that will sit in the IT department so he can test in the final environment and with the tools they are using here (what a pain... :( )

In any case I will ask that person of course to keep you all posted on this issue,

Sorry for all the trouble - guess I'm working for a particularly difficult organization unfortunately...

Failed Security Scan - :dry: - Version 2.00+ Build 131022 2 years 7 months ago #103622

  • DenisChenu
Hi,
mas_carpone wrote:
Unfortunately the test has highlighted further issues related to cross site scripting (grrrrrrr!).
We always correct security bugs in priority.

I don't understand: we do a lot of work on XSS in LimeSurvey.

Denis

Failed Security Scan - :dry: - Version 2.00+ Build 131022 2 years 7 months ago #103625

  • mas_carpone
Hi Denis,

The main problem here doesn't lie with the community at all. The tool is fantastic, and the more I use it the more I imagine new possible projects on which LS could play a big part... I am afraid our internal IT system is the issue here, I don't know :(

But I find myself facing a wall here... Apparently the latest test fed back more issues than the previous one and they have basically refused to re-test...

If there is a way to attach a document, I am happy to share the full developer report with you.

Failed Security Scan - :dry: - Version 2.00+ Build 131022 2 years 7 months ago #103627

  • DenisChenu
Hi,

Send it to me at denis<AT>sondages<DOT>pro, I will send it to our bug report system.

Denis

Failed Security Scan - :dry: - Version 2.00+ Build 131022 2 years 7 months ago #103629

  • mas_carpone
Done