Issue Description

When you add spaces or tabs between the "JavaScript:" using SmartForms Navigation action, Cross-Site Scripting (XSS) is no longer blocked.

Resolution

The fix is available in:

• K2 Five (5.6) Fix Pack 42.
• Nintex Automation (5.7) Fix Pack 21.
• Nintex Automation K2 (5.8) Fix Pack 05.

1. Ensure you have the correct K2 version and/or Cumulative update installed. See KB001893 to see what Fix Pack level you have installed.
2. Download the latest Fix Pack using the links in the table above for the version you require.
3. Install the Fix Pack to apply the fix.
4. It is recommended to clear browser cache and refresh the page.