70876 - SAS® Visual Analytics 7.51 and 7.52 contain a stored cross-site scripting (XSS) vulnerability

Problem Note 70876: SAS® Visual Analytics 7.51 and 7.52 contain a stored cross-site scripting (XSS) vulnerability

Severity: High

Description: SAS Visual Analytics 7.51 and 7.52 contain a stored cross-site scripting (XSS) vulnerability that allows JavaScript code to be injected via a certain POST request and executed on browser.

Potential Impact: Users might unknowingly execute malicious code.

Click the Hot Fix tab in this note for a link to instructions about accessing and applying the software update.

Operating System and Release Information

Product Family	Product	System	Product Release		SAS Release
			Reported	Fixed*	Reported	Fixed*
SAS System	SAS Visual Analytics (on SAS 9.x)	Microsoft® Windows® for x64	7.51	7.52	9.4 TS1M7	9.4 TS1M8
		Linux for x64	7.51	7.52	9.4 TS1M7	9.4 TS1M8

* For software releases that are not yet generally available, the Fixed Release is the software release in which the problem is planned to be fixed.

A fix for this issue for SAS Visual Analytics 7.52 is available at:

https://tshf.sas.com/techsup/download/hotfix/HF2/M4N.html#70876

A fix for this issue for SAS Visual Analytics 7.51 is available at:

https://tshf.sas.com/techsup/download/hotfix/HF2/I9T.html#70876

Type:	Problem Note
Priority:	high

Date Modified:	2024-07-25 07:57:26
Date Created:	2024-07-05 00:17:57

Support

Problem Note 70876: SAS® Visual Analytics 7.51 and 7.52 contain a stored cross-site scripting (XSS) vulnerability

Operating System and Release Information