I am working on a legacy system, we just scanned it with HP Fortify and got JavaScript Hijacking: Vulnerable Framework, the code is below. What Can I do to secure this? I am not entirely understanding the issue.
function getMissionOverwriteDocsDataCountComponent(siteNo, fcg, catCode, facNo, assetUid, compNo) {
// Make the Ajax call
$.ajax({
url: 'MissionOverwriteAj.aspx',
data: {
reqType: 'getMissionOverwriteDocsCountComponent',
siteNo: siteNo,
fcg: fcg,
catCode: catCode,
facNo: facNo,
assetUid: assetUid,
compNo: compNo
},
dataType: "text",
cache: false,
async: false,
error: errorFunc,
success: function(response){
//alert(response);
attCount = response;
}
});
}
This calls an ASPX page in VB
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
Dim reqType As String = Request.Params("reqType")
userID = Session(UserID).ToString()
orgID = Session(OrgID).ToString()
facility = New Facility(Request.Params("siteNo"),
Request.Params("facNo"),
Request.Params("fcg"),
Request.Params("catCode"),
Request.Params("assetUid"))
' Determine what type of call is being made.
Select Case reqType
Just kinda going on a gamble here. I think it might be referring to jQuery, but that section of your code comes up since it contains jQuery.
This site shows that Jquery has some issues in earlier versions. Try updating jQuery and rerun your audit. That should hopefully resolve the issue.