
ITS Security

Former Member
0 Kudos

We are working here on ITS 6.20 Patch 14 and received a note that the ITS has a vulnerability to Cross Server Scripting (XSS).

Having checked SAPNet notes and other posts regarding this security issue, I've found the following notes that claim to address this issue:

598074, 595383 and 654038

However, all 3 of those seem to deal with other ITS security vulnerabilities.

Does anyone know how input/output validation needs to be altered in order to prevent JS code being executed in HTML templates? Is this an IIS setting?

Accepted Solutions (0)

Answers (1)

Active Contributor
0 Kudos

Hello Michael,

There is a new note, 820916, that is related to cross site scripting. The ITS 6.20 patch 18 now addresses some of the issues with cross site scripting.

Other web server forums also note that Microsoft's URLscan tool for IIS is capable of detecting some cross site scripting, but I have not tested this.

Best regards,

Edgar Chuang