Nintex Community Menu Bar

Code Fix: XSS vulnerability on forms

4 years ago
February 16, 2021
0 replies
32 views
Translate

+11

Anelle
Nintex Employee
13 replies

Code Fix: XSS vulnerability on forms

KB003597

PRODUCT

K2 Five 5.3 to 5.4

K2 Five (5.3) April 2020 Cumulative Update

K2 Five (5.3) April 2020 Cumulative Update Fix Pack 20

Issue Description

When you have a form that makes use of a server event to transfer a form parameter to a view parameter, the form becomes vulnerable to XSS.

Resolution

The fix is available in the following K2 versions:

K2 4.7 December 2019 Cumulative Update	K2 Five (5.0) December 2019 Cumulative Update	K2 Five (5.1) November 2018 Cumulative Update	K2 Five (5.2) May 2019 Cumulative Update	K2 Five (5.3) April 2020 Cumulative Update	K2 Platform Classic(5.4)
X	X	X	X	Fix Pack 20	Fix Pack 12

Ensure you have the correct K2 version and/or Cumulative Update installed. See KB001893 to see what Fix Pack level you have installed.
Download the latest Fix Pack using the links in the table above for the version you require.
Install the Fix Pack to apply the fix.

Considerations

To fix the XSS vulnerability we had to roll back the fix for KB003579.

Did this topic help you find an answer to your question?

Be the first to reply!

Reply

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

Cookie settings

We use 3 different kinds of cookies. You can choose which cookies you want to accept. We need basic cookies to make this site work, therefore these are the minimum you can select. Learn more about our cookies.

Basic
Functional

Normal
Functional + analytics

Complete
Functional + analytics + social media + embedded videos

Code Fix: XSS vulnerability on forms

Issue Description

Resolution

Considerations

Reply

Sign up

Log in with SSO

Login to the community

Log in with SSO

Scanning file for viruses.

This file cannot be downloaded

Cookie policy

Cookie settings