Working on a proprietary software application and using Fortify Static Code to do code scans for security vulnerabilities. Fortify identified 32 Critical: Dynamic Code Evaluation: Code Injection and 6 Cross-Site Scripting: DOM 6 issues. It appears to be an issue with the crystal report viewer and the Eval statement in the prompts_param.js file. We are researching if there is a code fix for the current 2013 version we have or will upgrading to Crystal Reports 2016 will fix these issues. Thank you for your response and if additional information is needed please let me know.
Bluesky
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.