A fix is available
APAR status
Closed as program error.
Error description
The ReqWebHelp is vulnerable to cross-site scripting attacks. The following links demonstrate the problem:

http://localhost/ReqWebHelp/advanced/workingSet.jsp?operation=add*/--></script><script>alert(289325)</script>&workingSet=

http://localhost/ReqWebHelp/basic/searchView.jsp?searchWord=>''><script>alert(306531)</script>&maxHits=>''><script>alert(306531)</script>&scopedSearch=>''><script>alert(306531)</script>&scope=>''><script>alert(306531)</script>

The issues have been submitted to the Help team for correction. These types of attacks should be blocked.
Local fix
Problem summary
There are security vulnerabilities in the RequisitePro Web Client Help system allowing for scripting attacks.
Problem conclusion
A new help engine has been provided by the help team to block these scripting attacks.
Temporary fix
Comments
APAR Information
APAR number
PK83895
Reported component name
REQUISITEPRO WI
Reported component ID
5724G3900
Reported release
710
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2009-04-01
Closed date
2009-10-15
Last modified date
2009-10-15
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
REQUISITEPRO WI
Fixed component ID
5724G3900
Applicable component levels
R710 PSN
UP
Document Information
Modified date:
24 October 2021