May 25, 2005 at 10:34 AM
ITS Security
We working here on ITS 6.20 Patch 14 and received a note that the ITS has a vulnerability to Cross Server Scripting (XSS).
Having checked SAPNet notes and other posts regarding this security issue, I've found the following notes who claim to address this issue:
598074, 595383 and 654038
However, all 3 of those seem to deal with other ITS security vulnerabilities.
Does anyone know how input/output validation needs to be altered in order to prevent JS code being executed in HTML templates? Is this an IIS setting?