Code Fix: Error messages that contain user supplied values do not encode the value correctly to prevent cross site scripting
KB002674
PRODUCTK2 smartforms 4.7
LEGACY/ARCHIVED CONTENT
This article has been archived, and/or refers to legacy products, components or features. The content in this article is offered "as is" and will no longer be updated. Archived content is provided for reference purposes only. This content does not infer that the product, component or feature is supported, or that the product, component or feature will continue to function as described herein.
Issue Description
Error messages that contain user supplied values do not encode the value correctly to prevent cross site scripting.
Resolution
- Ensure you have K2 4.7 installed.
- Download and Install the K2 4.7 March 2018 Cumulative Update from K2 Partner and Customer Portal.
- Download the K2 4.7 March 2018 Cumulative Update FP23 from K2 Partner and Customer Portal.
- Install the K2 4.7 March 2018 Cumulative Update FP23 to apply the fix.