Hi,
We got a security finding in our QlikView dashboard scan named "JavaScript Hijacking: JSONP."
I wanted to know if JSON data is being validated in QlikView.
Details and screenshot:
JSON Hijacking is an advanced attack that is similar in form to Cross-Site Request Forgery but more dangerous in that a malicious site is able to obtain information from the target site. This interception ("hijacking") of confidential data occurs when a response to an HTTP GET request is returned in JSON format. JSON Hijacking is a technique that, through overloading the Array or Object constructors in browser scripting languages, allows an attacker to intercept the data. This allows the malicious site to monitor JSON messages and possibly steal sensitive data.
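
For triaging a finding like this one, the sketch below (an added example, not part of the original post and not QlikView code) flags the response traits that let JSON be read cross-site through a script include: a callback-wrapped body, a top-level array returned to a GET, and a missing `X-Content-Type-Options: nosniff` header. The function name, the callback parameter list and the sample requests are assumptions constructed for illustration.

```javascript
// Matches a JSONP body: an identifier (optionally dotted) wrapping a JSON object or array.
const JSONP_RE = /^\s*[A-Za-z_$][\w$.]*\s*\(\s*[\[{][\s\S]*[\]}]\s*\)\s*;?\s*$/;
// Query parameter names often used to choose the JSONP callback (assumed list).
const CALLBACK_PARAMS = ['callback', 'jsonp', 'cb'];

// Returns a list of finding labels for one captured request/response pair.
function auditJsonResponse({ method, url, headers, body }) {
  const findings = [];
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);
  // Base URL is a placeholder so relative paths can be parsed.
  const query = new URL(url, 'https://placeholder.invalid').searchParams;

  const isGet = method.toUpperCase() === 'GET';
  const jsonpBody = JSONP_RE.test(body);
  const callbackParam = CALLBACK_PARAMS.find((p) => query.has(p));

  // Data wrapped in a function call executes when loaded by a <script> tag.
  if (jsonpBody) findings.push('jsonp-wrapped-body');
  if (jsonpBody && callbackParam) findings.push(`callback-from-query:${callbackParam}`);
  // A bare top-level array is a valid script; a bare object is not.
  if (isGet && !jsonpBody && /^\s*\[/.test(body)) findings.push('top-level-array-on-get');
  // With nosniff, browsers refuse to run a JSON-typed response as a script.
  if ((h['x-content-type-options'] || '').toLowerCase() !== 'nosniff') {
    findings.push('missing-nosniff');
  }
  return findings;
}

// Constructed samples, not captured from any real application.
const SAMPLES = {
  jsonp: {
    method: 'GET', url: '/api/data?callback=handle',
    headers: { 'Content-Type': 'application/javascript' },
    body: 'handle({"user":"alice","balance":10});',
  },
  array: {
    method: 'GET', url: '/api/items',
    headers: { 'Content-Type': 'application/json' },
    body: '[{"id":1},{"id":2}]',
  },
  hardened: {
    method: 'POST', url: '/api/items',
    headers: { 'Content-Type': 'application/json; charset=utf-8', 'X-Content-Type-Options': 'nosniff' },
    body: '{"items":[{"id":1}]}',
  },
};

for (const [name, s] of Object.entries(SAMPLES)) console.log(name, auditJsonResponse(s));
```

An empty list for a response means none of these traits were seen; it does not replace checking that the endpoint requires authentication that a cross-site script include cannot supply.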