64494 - XSS malicious code can be unintentionally executed in SAS® Visual Investigator

Problem Note 64494: XSS malicious code can be unintentionally executed in SAS® Visual Investigator

Title: SAS^® Visual Investigator contains a cross-site scripting (XSS) vulnerability.
Severity: High (7.2)
Description: A user with database access can update a field value with code that could be executed when opening the entity in SAS Visual Investigator that the field relates to.
Potential Impact: Users might unknowingly execute malicious code.

Click the Hot Fix tab in this note for a link to instructions about accessing and applying the software update.

Operating System and Release Information

Product Family	Product	System	Product Release		SAS Release
			Reported	Fixed*	Reported	Fixed*
SAS System	SAS Visual Investigator	Linux for x64	10.5	10.5.1	Viya	Viya

* For software releases that are not yet generally available, the Fixed Release is the software release in which the problem is planned to be fixed.

An update for this issue is available for SAS Visual Investigator 10.5. For instructions on how to access and apply these software updates, see the documentation links at the top of

http://ftp.sas.com/techsup/download/hotfix/HF2/Viya_VI_10_5_home.html#64494

Type:	Problem Note
Priority:	high

Date Modified:	2021-05-03 16:11:52
Date Created:	2019-07-19 14:53:44

Support

Problem Note 64494: XSS malicious code can be unintentionally executed in SAS® Visual Investigator

Operating System and Release Information