Problem Note 62975: The Add Links option in SAS® Home has a cross-site scripting vulnerability
 |  |  |  |  |
Severity: Medium
Description: SAS Home does not validate URLs added using the Add Links option.
Potential Impact: Users might unknowingly execute malicious code when using an added URL.
Click the Hot Fix tab in this note to access the hot fix for this issue.
Operating System and Release Information
| Product Family | Product | System | Product Release | SAS Release | ||
| Reported | Fixed* | Reported | Fixed* | |||
| SAS System | SAS Visual Analytics | Microsoft® Windows® for x64 | 7.3 | 7.5 | 9.4 TS1M3 | 9.4 TS1M6 |
| Linux for x64 | 7.3 | 7.5 | 9.4 TS1M3 | 9.4 TS1M6 | ||
A fix for this issue for SAS Visual Analytics 7.4 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/B2B.html#62975A fix for this issue for SAS Visual Analytics 7.3 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/V90.html#62975| Type: | Problem Note |
| Priority: | high |
| Date Modified: | 2018-11-07 10:05:02 |
| Date Created: | 2018-09-24 11:55:20 |