IBM Support

WebReports Cross Site Scripting vulnerability (December 2012 Fix Pack)

Technote (troubleshooting)


This script is possibly vulnerable to Cross Site Scripting (XSS) attacks.
Cross site scripting is a vulnerability that allows an attacker to send malicious code to another user.
Because a browser cannot know if the script should be trusted or not, it will execute the script
in the user context allowing the attacker to access any cookies or session tokens retained by the

Resolving the problem

To resolve this issue, a configurable filter was added to protect Web Reports from common Cross Site Scripting vulnerability.

Document information

More support for: Initiate Master Data Service

Software version: 9.5.0, 9.7.0, 10.0.0, 10.1.0

Operating system(s): AIX, Linux, Solaris, Windows

Reference #: 1618533

Modified date: 19 December 2012