Pentest has reported some Information Disclosure. Please help

Back to Forums

Thuan Ton That

Question

IIS

OutSystems 11

Security

Testing

Application Type

Reactive

We have got a reported from Pen test on Information Disclosure related to these. We are looking for help of how to avoid this leakage as the report told.

----------- BEGIN -------

It was identified that the application exposes system information to the end user. The following disclosures were identified:

JavaScript Libraries

• RequireJS - 2.3.6

React framework

• React-DOM - 16.14.0

SOAP APIs

• GetHtml

• ShowFeedback

• GetModernECT

Web servers

• IIS

---------- END --------

Thanks and regards

Thuan

16 Jan 2025

Daniël Kuhlmann

MVP

You should report it to https://www.outsystems.com/low-code-platform/security/csirt/

16 Jan 2025

Kilian Hekhuis

MVP

Hi Thuan,

Also be sure to read this documentation page about false positives when pen testing.

16 Jan 2025

Community GuidelinesBe kind and respectful, give credit to the original source of content, and search for duplicates before posting.

See the full guidelines