Issue Description

Error messages that contain user supplied values do not encode the value correctly to prevent cross site scripting.

Resolution

  1. Ensure you have K2 4.7 installed.
  2. Download and Install the K2 4.7 March 2018 Cumulative Update from K2 Partner and Customer Portal.
  3. Download the K2 4.7 March 2018 Cumulative Update FP23 from K2 Partner and Customer Portal.
  4. Install the K2 4.7 March 2018 Cumulative Update FP23 to apply the fix.