Problem Note 62191: In SAS® Web Report Studio, the Text object contains a cross-site scripting vulnerability
 |  |  |  |  |
Severity: Low
Description: SAS Web Report Studio might allow injection of malicious scripts into the Text object.
Potential Impact: Malicious code might be executed if users click on a URL that has been specially crafted by an attacker.
Click the Hot Fix tab in this note to access the hot fix for this issue. After the hot fix is applied, all text is removed from the text box, and you see the message Exception parsing at unknown location cause: null.
Operating System and Release Information
| Product Family | Product | System | Product Release | SAS Release | ||
| Reported | Fixed* | Reported | Fixed* | |||
| SAS System | SAS Web Report Studio | Microsoft® Windows® for x64 | 4.4_M3 | 9.4 TS1M3 | ||
| 64-bit Enabled AIX | 4.4_M3 | 9.4 TS1M3 | ||||
| 64-bit Enabled Solaris | 4.4_M3 | 9.4 TS1M3 | ||||
| HP-UX IPF | 4.4_M3 | 9.4 TS1M3 | ||||
| Linux for x64 | 4.4_M3 | 9.4 TS1M3 | ||||
| Solaris for x64 | 4.4_M3 | 9.4 TS1M3 | ||||
A fix for this issue for SAS Web Report Viewer 4.4_M5 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/B6V.html#62191A fix for this issue for SAS Web Report Studio 4.4_M5 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/B6U.html#62191A fix for this issue for SAS Web Report Studio 4.4_M4 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/A5H.html#62191A fix for this issue for SAS Web Report Viewer 4.4_M4 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/A5I.html#62191A fix for this issue for SAS Web Report Studio 4.4_M3 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/V64.html#62191A fix for this issue for SAS Web Report Viewer 4.4_M3 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/V65.html#62191| Type: | Problem Note |
| Priority: | high |
| Date Modified: | 2018-05-08 10:50:23 |
| Date Created: | 2018-04-24 11:15:46 |