Problem Note 67583: The "Section Data" panel in SAS® Web Report Studio contains a cross-site scripting vulnerability
 |  |  |  |  |
Severity: Medium
Description: In SAS Web Report Studio, the Section Data panel contains a cross-site scripting vulnerability.
Potential Impact: An attacker might be able to inject malicious code into the Section Data panel. This code is executed in your browser, which enables the attacker to steal privilege information.
Click the Hot Fix tab in this note to access the hot fix for this issue.
Operating System and Release Information
| Product Family | Product | System | Product Release | SAS Release | ||
| Reported | Fixed* | Reported | Fixed* | |||
| SAS System | SAS Web Report Studio | Microsoft® Windows® for x64 | 4.4_M6 | 9.4 TS1M6 | ||
| 64-bit Enabled AIX | 4.4_M6 | 9.4 TS1M6 | ||||
| 64-bit Enabled Solaris | 4.4_M6 | 9.4 TS1M6 | ||||
| HP-UX IPF | 4.4_M6 | 9.4 TS1M6 | ||||
| Linux for x64 | 4.4_M6 | 9.4 TS1M6 | ||||
| Solaris for x64 | 4.4_M6 | 9.4 TS1M6 | ||||
A fix for this issue for SAS Web Report Studio 4.4_M7 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/J1A.html#67583A fix for this issue for SAS Web Report Viewer 4.4_M7 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/J1B.html#67583A fix for this issue for SAS Web Report Studio 4.4_M6 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/E3E.html#67583A fix for this issue for SAS Web Report Viewer 4.4_M6 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/E3F.html#67583| Type: | Problem Note |
| Priority: | medium |
| Date Modified: | 2021-03-26 09:30:50 |
| Date Created: | 2021-03-10 12:49:12 |