Skip to main content

Unable to update user profile in MarkView

Article # 3028995 - Page views: 48

Article # 3028995 - Page views: 48


When updating a user's details in Administration -> MarkView Admin -> User Profiles, an HTTP 500 error occurs when clicking on "Save".

The mvplsql.log file contains an error like:

2021-04-15 06:52:01,770 ERROR markview.plsqlservlet.PlSqlServlet:106 - Request has unexpected Origin value: nullor Referer value: https://<server>:<port>/markview/MV_Admin_User.UserMasterRecord

There is a possibility of a CSRF attack.


CSRF stands for Cross-Site Request Forgery.

A security vulnerability was identified in MarkView 10.1 and resolved in Fix Pack

From, MarkView believes that there is a CSRF attack occurring in the following circumstances:
- if the "origin" of a URL to a form in MarkView does not appear to be from MarkView: e.g. if someone has simply pasted the URL for the user profile tab into a browser rather than navigating from MarkView Home.
- if the header Origin exists and its URL value is not contained within either the Referer URL or the Request URL

The error in the mvplsql.log file can also occur if an unsupported browser is used.



Ensure that:
a) The user is accessing MarkView using a supported browser.

If the value of the PLQLSERVLET_LOGGING_LEVEL preference is set to "All", the mvplsql.log file records the useragent string for the browser used. e.g.:

2021-04-15 06:52:01,764 TRACE markview.plsqlservlet.PlSqlServlet:355 - Request Header User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; EN; rv:11.0) like Gecko

This useragent string can be checked using

b) The load balancer or proxy server are configured appropriately so that header Origin URL value is contained within both Referer URL and the Request URL


Level of Complexity 



Applies to  

Product Version Build Environment Hardware
MarkView for Oracle and later      


  • Was this article helpful?