Problem Note 62876: SAS® Web Report Studio images contain a cross-site scripting vulnerability
 |  |  |  |  |
Severity: Medium
Description: SAS Web Report Studio might allow injection of malicious scripts when adding images.
Potential Impact: Users might unknowingly execute malicious code.
Click the Hot Fix tab in this note to access the hot fix for this issue. After the hot fix is applied, SAS Web Report Studio displays HTTP 500 if someone attempts this exploit.
Operating System and Release Information
| Product Family | Product | System | Product Release | SAS Release | ||
| Reported | Fixed* | Reported | Fixed* | |||
| SAS System | SAS Web Report Studio | Microsoft® Windows® for x64 | 4.4_M3 | 4.4_M6 | 9.4 TS1M3 | 9.4 TS1M6 |
| 64-bit Enabled AIX | 4.4_M3 | 4.4_M6 | 9.4 TS1M3 | 9.4 TS1M6 | ||
| 64-bit Enabled Solaris | 4.4_M3 | 4.4_M6 | 9.4 TS1M3 | 9.4 TS1M6 | ||
| HP-UX IPF | 4.4_M3 | 4.4_M6 | 9.4 TS1M3 | 9.4 TS1M6 | ||
| Linux for x64 | 4.4_M3 | 4.4_M6 | 9.4 TS1M3 | 9.4 TS1M6 | ||
| Solaris for x64 | 4.4_M3 | 4.4_M6 | 9.4 TS1M3 | 9.4 TS1M6 | ||
A fix for this issue for SAS Web Report Studio 4.4_M5 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/B6U.html#62876A fix for this issue for SAS Web Report Viewer 4.4_M5 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/B6V.html#62876A fix for this issue for SAS Web Report Viewer 4.4_M4 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/A5I.html#62876A fix for this issue for SAS Web Report Studio 4.4_M4 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/A5H.html#62876A fix for this issue for SAS Web Report Studio 4.4_M3 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/V64.html#62876A fix for this issue for SAS Web Report Viewer 4.4_M3 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/V65.html#62876| Type: | Problem Note |
| Priority: | high |
| Date Modified: | 2018-11-06 13:17:55 |
| Date Created: | 2018-09-06 14:43:57 |