Code Fix: Error messages that contain user supplied values do not encode the value correctly to prevent cross site scripting

  • 16 February 2021


KB002674

PRODUCT
K2 smartforms 4.7
LEGACY/ARCHIVED CONTENT
This article has been archived, and/or refers to legacy products, components or features. The content in this article is offered "as is" and will no longer be updated. Archived content is provided for reference purposes only. This content does not imply that the product, component or feature is supported, or that the product, component or feature will continue to function as described herein.

 

Issue Description

Error messages that contain user supplied values do not encode the value correctly to prevent cross site scripting.

Resolution

  1. Ensure you have K2 4.7 installed.
  2. Download and install the K2 4.7 March 2018 Cumulative Update from the K2 Partner and Customer Portal.
  3. Download the K2 4.7 March 2018 Cumulative Update FP23 from the K2 Partner and Customer Portal.
  4. Install the K2 4.7 March 2018 Cumulative Update FP23 to apply the fix.

 

