

 

Symptoms


Literal Strings in Search Results
 

Diagnoses


We are getting an issue where search results are displaying strings as literal under certain circumstances, causing a security risk.

If script injection code has been saved to the worklist item's folio name, then it is displayed but not run.
However, if that item is searched for in the worklist, then that field seems to be set to literal because the code is interpreted by the browser.

Example:
Displaying a button to trigger a message alert (JS).

In addition to the worklist, this also happens in list views where the data labels have been set to not literal. Searching within the list view appears to change the data labels' behaviour to literal, as shown in attached images.
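The sketch below is an added example, not the product's code: it shows how a search view that wraps matches in markup can turn an encoded field into a literal one, beside a version that encodes every piece of the value first. All function names and the sample folio value are hypothetical, and the unsafe variant is an assumed failure mode rather than the confirmed cause.

```javascript
// Added illustration; function names are hypothetical, not product code.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function encodeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Split the value on case-insensitive matches of the search term and wrap
// each match in <mark>. `encode` is applied to every piece of user data.
function highlight(value, term, encode) {
  const text = String(value);
  if (!term) return encode(text);
  // Escape regex metacharacters so the term is matched as plain text.
  const safeTerm = term.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
  return text
    .split(new RegExp(`(${safeTerm})`, 'gi')) // odd indexes are the matches
    .map((part, i) => (i % 2 ? `<mark>${encode(part)}</mark>` : encode(part)))
    .join('');
}

// Normal view: the field is not literal, so the value is encoded.
function renderCell(value) {
  return `<td>${encodeHtml(value)}</td>`;
}

// Assumed failure mode: the search view adds highlight markup around the
// raw value, so stored markup in the folio name becomes live HTML.
function renderSearchCellUnsafe(value, term) {
  return `<td>${highlight(value, term, (s) => s)}</td>`;
}

// Hardened search view: encode each piece, then add the highlight markup.
function renderSearchCell(value, term) {
  return `<td>${highlight(value, term, encodeHtml)}</td>`;
}

// Constructed sample folio name containing markup.
const folio = '<button onclick="alert(1)">Invoice</button>';
console.log(renderCell(folio));
console.log(renderSearchCellUnsafe(folio, 'invoice'));
console.log(renderSearchCell(folio, 'invoice'));
```

A regression test for the patched build can follow the same shape: render the same stored value in the normal view and in the search view, and require that neither output contains unencoded markup from the field.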


 

Resolution

We have provided the client with the latest rollup patches which included fixes for the issues described.

1- CP 4611.18
2- 4611.37




 