Code Fix: XSS vulnerability on forms

  • 16 February 2021

KB003597

PRODUCT
K2 Five 5.3 to 5.4
K2 Five (5.3) April 2020 Cumulative Update
K2 Five (5.3) April 2020 Cumulative Update Fix Pack 20

 

Issue Description

When you have a form that makes use of a server event to transfer a form parameter to a view parameter, the form becomes vulnerable to XSS.

Resolution

The fix is available in the following K2 versions:

| K2 4.7 December 2019 Cumulative Update | K2 Five (5.0) December 2019 Cumulative Update | K2 Five (5.1) November 2018 Cumulative Update | K2 Five (5.2) May 2019 Cumulative Update | K2 Five (5.3) April 2020 Cumulative Update | K2 Platform Classic (5.4) |
|---|---|---|---|---|---|
| X | X | X | X | Fix Pack 20 | Fix Pack 12 |

  1. Ensure you have the correct K2 version and/or Cumulative Update installed. See KB001893 to check which Fix Pack level you have installed.
  2. Download the latest Fix Pack using the links in the table above for the version you require.
  3. Install the Fix Pack to apply the fix.

Considerations

To fix the XSS vulnerability we had to roll back the fix for KB003579.

 

