Vulnerbilities found from VAPT scan
sandycja opened this issue · comments
Hi, I have one project webAR project with artoolkit library. Everything is working fine. But in this project, we need to submit our code to scan thru VAPT (Vulnerability Assessment and Penetration Testing). We completed the scan and found 2 "Improper Neutralization of Input During Web Page Generation ('Crosssite Scripting')" weakness.
We don’t think it’s a real vulnerability, more like a false positive but our security team requires us to get an explanation from the author of the library (ARtoolkit.js) to prove that the vulnerabilities are indeed a false positive.
Can anyone help me with this? I can send more details privately, if more information is needed.
I’m not quite sure what you are looking for. The artoolkit.js library is an Emscripten compilation of the artoolkit C++ code which you can find just next to the jsartoolkit5 repository.