16455 - Cross site scripting vulnerability for specific Portal access patterns

Problem Note 16455: Cross site scripting vulnerability for specific Portal access patterns

There are still a few cross site scripting vulnerabilities in some access patterns of the Portal. The majority of access patterns are covered by the cross site scripting filter put in place several years ago.

Select the Hot Fix tab in this note to access the hot fix for this issue.

Operating System and Release Information

Product Family	Product	System	Product Release		SAS Release
Product Family	Product	System	Reported	Fixed*	Reported	Fixed*
SAS System	SAS Information Delivery Portal	Microsoft Windows NT Workstation	2.0	2.0	9.1 TS1M3 SP3	9.1 TS1M3 SP4
		Microsoft Windows XP Professional	2.0	2.0	9.1 TS1M3 SP3	9.1 TS1M3 SP4
		Microsoft Windows 2000 Server	2.0	2.0	9.1 TS1M3 SP3	9.1 TS1M3 SP4
		Microsoft Windows 2000 Datacenter Server	2.0	2.0	9.1 TS1M3 SP3	9.1 TS1M3 SP4
		Microsoft Windows 2000 Professional	2.0	2.0	9.1 TS1M3 SP3	9.1 TS1M3 SP4
		64-bit Enabled HP-UX	2.0	2.0	9.1 TS1M3 SP3	9.1 TS1M3 SP4
		Microsoft Windows 2000 Advanced Server	2.0	2.0	9.1 TS1M3 SP3	9.1 TS1M3 SP4
		64-bit Enabled Solaris	2.0	2.0	9.1 TS1M3 SP3	9.1 TS1M3 SP4
		64-bit Enabled AIX	2.0	2.0	9.1 TS1M3 SP3	9.1 TS1M3 SP4

* For software releases that are not yet generally available, the Fixed Release is the software release in which the problem is planned to be fixed.

A fix for this issue for SAS Information Delivery Portal 9.1.3 SP3 is available at:

http://www.sas.com/techsup/download/hotfix/idp913.html#016455

Type:	Problem Note
Priority:	high
Topic:	System Administration ==> Servers ==> Portal

Date Modified:	2008-10-21 08:20:48
Date Created:	2005-11-09 11:28:20

E-mail This Page

Knowledge Base

Problem Note 16455: Cross site scripting vulnerability for specific Portal access patterns

Operating System and Release Information

E-mail:
Password