security tests on jasperserver

[ags710]

Hi,

 

We are using jasperserver-ce-3.7.0 on windows xp with tomcat6 and oracle-10g for reporting,as per reports everything is working fine. But the problem is the jasperserver which we are using has to undergo some security tests where its failed...details are below:

1) In manage screen user module while editing the user when test-team insert some scripts in place of user-name(like <script>'alert('1')' etc) the screen gets struck and users list which which is displayed get disappear and we cannot do any operation on it as cursor is always busy there.  this get's resolved as soon as we refresh the jasper-database but again we come through same problem when tests on jasperserver are repeated.

2) The same is the problem with the roles module.

 

Can any one please help me how to get rid of this problem asap as security tests are must for this.

Thanks in advance.

Please revert back if any idea.

 

Post Edited by ags710 at 08/09/2010 05:34

[ags710]

ags710
Wrote:

Hi,   We are using jasperserver-ce-3.7.0 on windows xp with tomcat6 and oracle-10g for reporting,as per reports everything is working fine. But the problem is the jasperserver which we are using has to undergo some security tests where its failed...details are below: 1) In manage screen user module while editing the user when test-team insert some scripts in place of user-name(like <script>'alert('1')' etc) the screen gets struck and users list which which is displayed get disappear and we cannot do any operation on it as cursor is always busy there.  this get's resolved as soon as we refresh the jasper-database but again we come through same problem when tests on jasperserver are repeated. 2) The same is the problem with the roles module.   Can any one please help me how to get rid of this problem asap as security tests are must for this. Thanks in advance. Please revert back if any idea.   Post Edited by ags710 at 08/09/2010 05:34