Gooner007 Member since 2010 15 posts
Tata Consultancy Services
Posted: 3 years ago
Last activity: 3 years 5 months ago

Cross Site scripting - issue accessing SMA

Our project uses site minder for our login . For Fixing Cross site scripting issue we have worked with our Site minder Team and updated our Site minder Policy to reflect the following

badcsschars='<,',>,%22' .

This fixed our issue of cross site scripting but after this was implemented we are not able to access the Links available inside SMA. ( Agent Management ,Logging and Tracing etc) . By Looking at the source code for the these Links

<A href="#" title="Defines operations and attributes for agent management" oncontextmenu="showMenuHandler('<NODE ID>%22&mbeanVersion=1.0')

We see the Node ID is getting passed between %22 . Anyone able to by pass this issue or any other solution for accessing these links with the cross site scripting fixed?

Thanks in advance.

Low-Code App Development System Administration
Moderation Team has archived post
Share this page LinkedIn