Skip to Content
0
Former Member
May 25, 2005 at 10:34 AM

ITS Security

21 Views

We working here on ITS 6.20 Patch 14 and received a note that the ITS has a vulnerability to Cross Server Scripting (XSS).

Having checked SAPNet notes and other posts regarding this security issue, I've found the following notes who claim to address this issue:

598074, 595383 and 654038

However, all 3 of those seem to deal with other ITS security vulnerabilities.

Does anyone know how input/output validation needs to be altered in order to prevent JS code being executed in HTML templates? Is this an IIS setting?