Articulate Presenter '13 XSS vulnerability reported by HP Fortify software scan
May 27, 2016
We have generated articulate presentations using Presenter '13.
We use the HP Fortify software to security scan the software, and we are getting a "Critical Cross Site Scripting" violation in a file that is generated by Articulate Presenter. The file is presentation.js, line 1757:
anchorSource.href = window.location;
Can you please advise of the best way to fix this issue? Do you have an updated version that generates a presentation.js that does not have this reported vulnerability?
----------
The whole function is:
function UseXDomainRequest(strUrl)
{
    var bResult = false;
    if (IE)
    {
        var xmlHttp = CreateXmlHttp();
        var anchorDest = (document.createElement("a"));
        var anchorSource = (document.createElement("a"));
        anchorDest.href = strUrl;
        anchorSource.href = window.location;
        bResult = (anchorDest.hostname != anchorSource.hostname || anchorDest.protocol != anchorSource.protocol || anchorDest.port != anchorSource.port);
    }
    return bResult;
}
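An added example, not part of the original post and not Articulate's code: the same cross-domain decision made by reading protocol, hostname and port from window.location directly, so nothing is assigned from window.location into an href. The names isCrossOrigin, effectivePort and useXDomainRequest and the isIE parameter are assumptions; the port normalisation covers anchors that report an explicit default port where window.location.port is empty.

```javascript
// Added example, not Articulate's code. Assumed names: effectivePort,
// isCrossOrigin, useXDomainRequest, and the isIE parameter (the original
// function reads a global named IE instead).

// Default ports per scheme. An anchor element may report "80"/"443" where
// window.location.port reports "" for the same URL, so normalise both sides
// before comparing.
var DEFAULT_PORTS = { "http:": "80", "https:": "443" };

function effectivePort(protocol, port) {
  return port ? String(port) : (DEFAULT_PORTS[protocol] || "");
}

// dest and source are any objects exposing protocol, hostname and port:
// an <a> element, window.location, or a URL object.
function isCrossOrigin(dest, source) {
  var dProto = String(dest.protocol).toLowerCase();
  var sProto = String(source.protocol).toLowerCase();
  var dHost = String(dest.hostname).toLowerCase();
  var sHost = String(source.hostname).toLowerCase();
  return dProto !== sProto ||
    dHost !== sHost ||
    effectivePort(dProto, dest.port) !== effectivePort(sProto, source.port);
}

// Browser wrapper: the same decision as UseXDomainRequest, but the page's
// own origin is read from window.location instead of being copied into a
// second anchor's href. The anchor is still used to parse strUrl.
function useXDomainRequest(strUrl, isIE) {
  if (!isIE) { return false; }
  var anchorDest = document.createElement("a");
  anchorDest.href = strUrl;
  return isCrossOrigin(anchorDest, window.location);
}
```
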
2 Replies
Hi Andrew!
My advice would be to reach out to our support team, but it appears that you have done so :) I see where you submitted your case (00805941) to our team and you should be hearing from someone soon. I will follow along as well.
Hi Andrew!
I popped in to check on your case this morning and it appears that Vevette is assisting you and shared a possible solution.