on 05-25-2005 11:34 AM
We are working here on ITS 6.20 Patch 14 and received a note that the ITS has a vulnerability to Cross Server Scripting (XSS).
Having checked SAPNet notes and other posts regarding this security issue, I've found the following notes that claim to address this issue:
598074, 595383 and 654038
However, all 3 of those seem to deal with other ITS security vulnerabilities.
Does anyone know how input/output validation needs to be altered in order to prevent JS code being executed in HTML templates? Is this an IIS setting?
Hello Michael,
There is a new note, 820916, that is related to cross site scripting. The ITS 6.20 patch 18 now addresses some of the issues with cross site scripting.
Other web server forums also note that Microsoft's URLscan tool for IIS is capable of detecting some cross site scripting, but I have not tested this.
Best regards,
Edgar Chuang