IBM Support

IJ10051: JAVASCRIPT IS EXECUTED IF HTML CODE ENTERED IN SR APPLICATION DESCRIPTION FIELD.

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • Problem details
================
JAVASCRIPT IS EXECUTED IF HTML CODE ENTERED IN SR APPLICATION
DESCRIPTION FIELD.

Application effected
====================
SR

Steps to reproduce
===================

1. Using App Designer, import the attached sr-tpae-try.xml
2. Logout and login
3. Go to the SR app
4. Open any exiting
5. Go to the Related Records tab
6. In the Service Request description field, enter the
following string: <img src=ok onerror=alert(/xss/)>
7. Save the record
8. Click on the Service Request tab


RESULTS / PROBLEM
==================
The javascript will execute and the alert box will pop up on
the page.


Expected Results
================
This needs to be prevented from happening.

Product Version
===============
Tivoli's process automation engine 7.6.0.8-IFIX20180130-1210
Build 20170512-0100 DB Build V7608-63 HFDB Build HF7608-12
Service Desk for IBM Control Desk 7.6.0.3257 Build 201709140546
DB Build V7603-02
Service Catalog for IBM Control Desk 7.6.0.3257 Build
201709140546 DB Build V7603-01
IBM Maximo for Service Providers 7.6.3.0-20180326-0921 Build
20170221-2101 DB Build V7630-21 HFDB Build HF7630-05

Local fix

  • n/a

Problem summary

  • ****************************************************************
* USERS AFFECTED:                                              *
* N/A                                                          *
****************************************************************
* PROBLEM DESCRIPTION:                                         *
* JAVASCRIPT IS EXECUTED IF HTML CODE ENTERED IN SR            *
* APPLICATION  DESCRIPTION FIELD.                              *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************

Problem conclusion

  • Fixed in label.jsp

Temporary fix

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IJ10051
    • 

  • Reported component name
    SELF SERVICE
    • 

  • Reported component ID
    5724R46SS
    • 

  • Reported release
    760
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2018-10-03
    • 

  • Closed date
    2018-11-01
    • 

  • Last modified date
    2024-10-29
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    SELF SERVICE
    • 

  • Fixed component ID
    5724R46SS
    • 



Applicable component levels


    








      
              
                            

              

              [{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSLKT6","label":"Maximo Asset Management"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"760","Line of Business":{"code":"LOB59","label":"Sustainability Software"}}]
              

                                                                    

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            30 October 2024
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback