Problem Note 67256: SAS® Anti-Money Laundering contains a cross-site scripting vulnerability
 |  |  |  |  |
Severity: Medium
Description: An authenticated user can store malicious JavaScript in the comment and description of a case.
Potential Impact: If a user accesses the case to edit the comment or description, the malicious JavaScript is executed in the browser.
Click the Hot Fix tab in this note to access the hot fix for this issue.
Operating System and Release Information
| Product Family | Product | System | Product Release | SAS Release | ||
| Reported | Fixed* | Reported | Fixed* | |||
| SAS System | SAS Anti-Money Laundering | Microsoft® Windows® for x64 | 7.1 | |||
| 64-bit Enabled AIX | 7.1 | |||||
| 64-bit Enabled Solaris | 7.1 | |||||
| Linux for x64 | 7.1 | |||||
A fix for this issue for SAS Compliance Solutions 7.1 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/A5T.html#67256| Type: | Problem Note |
| Priority: | high |
| Date Modified: | 2021-01-22 09:00:48 |
| Date Created: | 2021-01-18 14:41:20 |