Hi - We recently upgraded to Captivate 2019 to update some old video content. Our Fortify On-Demand (FOD) security scan has flagged two files with High and Critical security flaws. I've searched the forum but can't find any reference to these issues in a later version of Captivate. I had hoped that by upgrading we wouldn't have these issues.
We are using these HTML5 videos on our web site as standalone introductions to our app, not part of an LMS.
FILE: CPXHRLoader.js
ISSUE: High severity Cross-Site Scripting: DOM on line 37. (Read g.href - Assignment to g.innerHTML)
I assume this is the section of code:
(h.a[b]=g.href,t()):(g.innerHTML='@import "'+r+'";',s(g))
FILE: Index.html
ISSUE: Critical severity Open Redirect on line 55.
ISSUE: High severity Cross-Site Scripting: DOM on line 55. (Read request.response - Assignment to window.location.href)
window.location.href = window.location.protocol + "//" + window.location.host + "/livepreview/" + response.folder + "/index.html";
1
Reply
AdChoices