cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

ITS Security

Former Member

on ‎05-25-2005 11:34 AM

0 Kudos

We working here on ITS 6.20 Patch 14 and received a note that the ITS has a vulnerability to Cross Server Scripting (XSS).

Having checked SAPNet notes and other posts regarding this security issue, I've found the following notes who claim to address this issue:

598074, 595383 and 654038

However, all 3 of those seem to deal with other ITS security vulnerabilities.

Does anyone know how input/output validation needs to be altered in order to prevent JS code being executed in HTML templates? Is this an IIS setting?

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

former_member316351
Active Contributor
‎05-28-2005 2:11 AM
0 Kudos

Hello Michael,

There is a new note, 820916, that is related to cross site scripting. The ITS 6.20 patch 18 now addresses some of the issues with cross site scripting.

Other web server forums also note that Microsoft's URLscan tool for IIS is capable of detecting some cross site scripting, but I have not tested this.

Best regards,

Edgar Chuang

Show replies
Show replies
Ask a Question