Issue Description
Error messages that contain user supplied values do not encode the value correctly to prevent cross site scripting.
Resolution
- Ensure you have K2 4.7 installed.
- Download and Install the K2 4.7 March 2018 Cumulative Update from K2 Partner and Customer Portal.
- Download the K2 4.7 March 2018 Cumulative Update FP23 from K2 Partner and Customer Portal.
- Install the K2 4.7 March 2018 Cumulative Update FP23 to apply the fix.