SAP Knowledge Base Article - Public

1723474 - Cross Site Scripting issues

Symptom

There are cross-site scripting vulnerabilities in the following URLs:

  • http://<server>:<port>/admin/CMC/<UID>/admin/logon.faces
  • http://<server>:<port>/BOE/portal/<UID>/PlatformServices/service/app/logon.do
  • http://<server>:<port>/admin/CMC/<UID>/PlatformServices/service/app/timeout.do
  • http://<server>:<port>/admin/CMC/<UID>/PlatformServices/jsp/Help/helpRedirect.faces
  • http://<server>:<port>//admin/CMC/<UID>/admin/App/frameset.jsp

Cause

This is tracked under ADAPT01632353

Resolution

The fix for this appears in Patch 2.16

Keywords

KBA , BI-BIP-DEP , SBOP Web Application Deployment, Wdeploy , Problem

Product

SAP Crystal Reports 2011