Problem Note 17592: Possible cross-site scripting issue in Preferences area of the
Information Delivery Portal
When using a cross-site scripting tool to check for possible security
risks in the Preferences application of the Information Delivery Portal,
a flag may be triggered. This flag will only occur if a value for the
category supplied for the preference category is not a number. If using
a script, the script is used in place of the number. In this case, an
error will occur and the value that was not a number will be displayed
in the browser. Displaying this value is a problem.
Select the Hot Fix tab in this note to access the hot fix for this issue.
Operating System and Release Information
| SAS System | SAS Information Delivery Portal | Microsoft Windows 2000 Professional | 2.0 | 2.0 | 9.1 TS1M3 SP3 | 9.1 TS1M3 SP4 |
| Microsoft Windows XP Professional | 2.0 | 2.0 | 9.1 TS1M3 SP3 | 9.1 TS1M3 SP4 |
| Microsoft Windows NT Workstation | 2.0 | 2.0 | 9.1 TS1M3 SP3 | 9.1 TS1M3 SP4 |
| Microsoft Windows 2000 Server | 2.0 | 2.0 | 9.1 TS1M3 SP3 | 9.1 TS1M3 SP4 |
| 64-bit Enabled HP-UX | 2.0 | 2.0 | 9.1 TS1M3 SP3 | 9.1 TS1M3 SP4 |
| Microsoft Windows 2000 Datacenter Server | 2.0 | 2.0 | 9.1 TS1M3 SP3 | 9.1 TS1M3 SP4 |
| 64-bit Enabled Solaris | 2.0 | 2.0 | 9.1 TS1M3 SP3 | 9.1 TS1M3 SP4 |
| Microsoft Windows 2000 Advanced Server | 2.0 | 2.0 | 9.1 TS1M3 SP3 | 9.1 TS1M3 SP4 |
| 64-bit Enabled AIX | 2.0 | 2.0 | 9.1 TS1M3 SP3 | 9.1 TS1M3 SP4 |
*
For software releases that are not yet generally available, the Fixed
Release is the software release in which the problem is planned to be
fixed.
| Type: | Problem Note |
| Priority: | high |
| Topic: | System Administration ==> Servers ==> Portal
|
| Date Modified: | 2008-10-21 21:52:16 |
| Date Created: | 2006-05-01 10:25:24 |
