Problem Note 58690: SAS® Drug Development 4.5 - Java cross-site scripting vulnerability
In SAS® Drug Development, it is possible that malicious JavaScript could be executed. This is a form of a JavaScript cross-site scripting (XSS) vulnerability. The web user interface is potentially susceptible to these exploits in the Dashboard message and the notification task setup message, in the following cases:
- Creating a link with the value "javascript:prompt()" (entered without the quotation marks)
- Editing an existing link to have the value "javascript:prompt()" (entered without the quotation marks)
To obtain a fix for this issue, contact SAS Technical Support.
See this link for additional details, as these are widely known vulnerabilities:
Wikipedia: Cross-site scripting
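The following added example is not SAS code and is not the vendor's fix. It shows one common mitigation for this class of issue: checking a user-supplied link target against a scheme allowlist on both the create and edit paths. The names `safeLinkHref`, `saveLink`, `ALLOWED_SCHEMES` and the placeholder base URL are assumptions made for illustration.

```javascript
// Added example (hypothetical names, not SAS code): scheme allowlist for
// link targets that users type into a message or notification form.
const ALLOWED_SCHEMES = new Set(["http:", "https:", "mailto:"]);
const BASE = "https://app.example.invalid/"; // placeholder base for relative links

// Returns a normalized href that is safe to place in <a href="...">,
// or null when the link must be rejected.
function safeLinkHref(input) {
  if (typeof input !== "string") return null;
  let url;
  try {
    // The WHATWG URL parser normalizes the input the way a browser does
    // (trims surrounding whitespace, lowercases the scheme), so the check
    // below sees the scheme the browser would act on, not the raw text.
    url = new URL(input, BASE);
  } catch {
    return null; // unparseable input is rejected
  }
  if (!ALLOWED_SCHEMES.has(url.protocol)) return null;
  return url.href;
}

// Both cases in the note (creating a link, editing an existing link)
// go through the same server-side check before anything is stored.
function saveLink(store, id, href) {
  const clean = safeLinkHref(href);
  if (clean === null) {
    return { ok: false, error: "unsupported link scheme" };
  }
  store.set(id, clean);
  return { ok: true, href: clean };
}

// Constructed sample inputs.
const demoStore = new Map();
console.log(saveLink(demoStore, "msg-1", "https://example.com/report"));
console.log(saveLink(demoStore, "msg-1", "javascript:prompt()"));
console.log(demoStore.get("msg-1")); // the rejected edit did not overwrite the link
```

Stored links should still be HTML-attribute-encoded when rendered; the allowlist only decides which targets are accepted.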
Operating System and Release Information
SAS System | SAS Drug Development | Linux for x64 | 4.5.3 | 4.5.4 | 9.4 TS1M1 | 9.4 TS1M3 |
* For software releases that are not yet generally available, the Fixed Release is the software release in which the problem is planned to be fixed.
Type: | Problem Note |
Priority: | alert |
Date Modified: | 2020-02-14 13:42:42 |
Date Created: | 2016-07-28 11:31:04 |