Employee Portal Vulnerability

SteveO
Member Posts: 164
Hello to everyone,
Just thought I'd let you all in on a recent discovery I made with regards to Employee Portal.
When the webparts are writing out data from Navision they process html tags, and do not write them out as plain text. This unfortunately could allow malicious scripts to be run.
e.g. if someone enters
<h1>Some Name</h1>
in the customer name in the customer card webpart then the Customer List will show Some Name formatted with the h1 tags.
How does this get reported to Microsoft so that it can be corrected?
This isn't a signature, I type this at the bottom of every message
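
The behaviour reported in the post above, next to the HTML-encoded output that fixes it. This is an added example, not part of the original post and not Employee Portal code; the record layout and the names `render_list`, `examine` and `TEMPLATE_TAGS` are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Constructed rows standing in for customer records; the first name is the post's input.
CUSTOMERS = [
    {"no": "10000", "name": "<h1>Some Name</h1>"},
    {"no": "20000", "name": "Smith & Sons"},  # ordinary name with a special character
]
TEMPLATE_TAGS = {"table", "tr", "td"}  # the only elements the list itself emits


def render_list(rows, encode):
    """Build the Customer List table; encode=False reproduces the reported behaviour."""
    out = escape if encode else (lambda value: value)
    body = "".join(
        f"<tr><td>{out(r['no'])}</td><td>{out(r['name'])}</td></tr>" for r in rows
    )
    return f"<table>{body}</table>"


class _Collector(HTMLParser):
    """Records the elements and text nodes an HTML parser sees in the output."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags, self.text = set(), []

    def handle_starttag(self, tag, attrs):
        self.tags.add(tag)

    def handle_data(self, data):
        self.text.append(data)


def examine(html):
    """Return (elements that came from data rather than the template, text nodes)."""
    collector = _Collector()
    collector.feed(html)
    collector.close()
    return collector.tags - TEMPLATE_TAGS, collector.text


if __name__ == "__main__":
    for encode in (False, True):
        injected, text = examine(render_list(CUSTOMERS, encode))
        print(f"encode={encode}: data-supplied elements={sorted(injected)} text={text}")
```

The same `examine` check can serve as a regression test: any element in the rendered list that is not in the template's own set means a field value reached the page unencoded.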
Comments
-
If you are a partner, you can report it through a service incident. If you are not a partner, let me know and I will report it...
-
Ok thanks, yup we are a Partner so I'll get it logged.
This isn't a signature, I type this at the bottom of every message