Kalkumar
Partner - Contributor III

Qlikview JavaScript Hijacking: JSONP

Hi,

We got a security finding in our Qlikview dashboard scan named "JavaScript Hijacking: JSONP."

I wanted to know if JSON data is being validated in Qlikview.

Details and screenshot:

JSON Hijacking is an advanced attack that is similar in form to Cross-Site Request Forgery but more dangerous in that a malicious site is able to obtain information from the target site. This interception ("hijacking") of confidential data occurs when a response to an HTTP GET request is returned in JSON format. JSON Hijacking is a technique that works through overloading the Array or Object constructors in browser scripting languages with constructors which allow an attacker to intercept the data. This allows the malicious site to monitor JSON messages and possibly steal sensitive data.


0 Replies
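For readers triaging the same finding, the following is an added example and is not part of the original post or QlikView's own code: a sketch of the server-side checks commonly used to close the JSON/JSONP hijacking path the finding describes. The request shape, the `buildJsonResponse` name, the `sensitive` option and the use of the `X-Requested-With` header are assumptions made for illustration.

```javascript
// Added example (not QlikView code). Request shape and names are assumptions.
// Only a plain identifier is accepted as a JSONP callback name.
const CALLBACK_RE = /^[A-Za-z_$][\w$]{0,63}$/;

function buildJsonResponse(req, payload, { sensitive = true } = {}) {
  const headers = {
    'Content-Type': 'application/json; charset=utf-8',
    'X-Content-Type-Options': 'nosniff', // browser must not sniff JSON as script
    'Cache-Control': 'no-store',
  };
  const deny = (status, error) =>
    ({ status, headers, body: JSON.stringify({ error }) });

  const callback = req.query && req.query.callback;
  if (callback !== undefined) {
    // A JSONP response can be read by any page that includes it with a
    // <script> tag, so it is refused for data tied to the user's session.
    if (sensitive) return deny(400, 'JSONP not available for this resource');
    if (!CALLBACK_RE.test(callback)) return deny(400, 'invalid callback name');
    return {
      status: 200,
      headers: { ...headers, 'Content-Type': 'application/javascript; charset=utf-8' },
      body: `/**/${callback}(${JSON.stringify(payload)});`,
    };
  }

  if (sensitive) {
    // A cross-site <script src> include cannot add custom request headers,
    // while the application's own XHR/fetch calls can.
    const marker = ((req.headers || {})['x-requested-with'] || '').toLowerCase();
    if (marker !== 'xmlhttprequest') return deny(403, 'missing X-Requested-With header');
  }

  // A bare top-level array is a valid script expression; an object wrapper
  // is a syntax error when the response is loaded as a script.
  const safe = Array.isArray(payload) ? { data: payload } : payload;
  return { status: 200, headers, body: JSON.stringify(safe) };
}

// Constructed sample input, for illustration only.
const sampleRows = [{ user: 'alice', balance: 10 }];
const sampleReq = { headers: { 'x-requested-with': 'XMLHttpRequest' }, query: {} };
console.log(buildJsonResponse(sampleReq, sampleRows).body);
```

When reviewing a scanner finding like this one, the same three points are what to check in the flagged response: whether a callback parameter is honoured for session-bound data, whether the response's top level is an array, and whether the content type and `nosniff` header are set.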