APAR status
Closed as program error.
Error description
Potential cross-site scripting (XSS) vulnerability in Dojo builders for WEF 8.0 when running on Portal.
Local fix
Problem summary
This solution was the disabling of the Portal language cookie. It was the solution if the encoding solution was not going to be available. We have not tried this yet. Is there still going to be an encoding solution? Portal L3 indicated that WEF L3 would provide a fix, but after speaking with Kevin, I understand that there is work for Portal to do as well.
Problem conclusion
customer
Temporary fix
Comments
APAR Information
APAR number
LO82672
Reported component name
WEBP PORTLET FA
Reported component ID
5724O0300
Reported release
800
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2014-11-06
Closed date
2015-03-04
Last modified date
2015-03-04
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WEBP PORTLET FA
Fixed component ID
5724O0300
Applicable component levels
R800 PSY
UP
R850 PSY
UP
[{"Business Unit":{"code":null,"label":null},"Product":{"code":"SUPPORT","label":"IBM Worldwide Support"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"800","Edition":"","Line of Business":{"code":null,"label":null}}]
Document Information
Modified date:
11 September 2020