KTA 7.9 - KTA Designer can be exploited by injecting JavaScript
Article # 3038545
Issue
KTA Designer can be exploited by injecting JavaScript into the Description field of an object.
A KTA Developer can add JavaScript to the Description field of an object, and it is executed when the object is refreshed.
For example, in KTA Designer, go to User Interface -> Images -> New and create a new image. Add some JavaScript to the Description field and save. The script is executed when the object is refreshed.
Solution
Install KTA 7.9 Fix Pack 9 to resolve the issue.
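The class of bug described under Issue (a stored Description value written into page markup without output encoding), shown as an added illustration. This is not Kofax code and not the fix pack's implementation; the object shape, function names and sample data are hypothetical and constructed for the example. It also includes a small audit helper that flags stored descriptions containing active markup.

```javascript
// Added illustration, not KTA code. Object shape and function names are hypothetical.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode every character that can change the HTML parsing context.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the stored description is concatenated into markup as-is,
// so markup saved in the field becomes part of the page on the next refresh.
function renderRowUnsafe(obj) {
  return `<tr><td>${obj.name}</td><td title="${obj.description}">${obj.description}</td></tr>`;
}

// Hardened pattern: encode on output, covering element and attribute contexts.
function renderRowSafe(obj) {
  const name = escapeHtml(obj.name);
  const desc = escapeHtml(obj.description);
  return `<tr><td>${name}</td><td title="${desc}">${desc}</td></tr>`;
}

// Audit helper: return the names of objects whose description contains a tag,
// a javascript: URL or an inline event-handler attribute.
function findSuspectDescriptions(objects) {
  const active = /<\/?[a-z!][^>]*>|javascript\s*:|\bon[a-z]+\s*=/i;
  return objects.filter((o) => active.test(o.description || "")).map((o) => o.name);
}

// Constructed sample data (not taken from any real KTA system).
const sampleObjects = [
  { name: "logo.png", description: "Company logo, 200x80" },
  { name: "banner.png", description: "<script>alert(1)</script>" },
  { name: "icon.png", description: 'x" onmouseover="alert(1)' },
  { name: "chart.png", description: "Q3 sales < Q4 sales & rising" },
];

console.log(findSuspectDescriptions(sampleObjects));
console.log(renderRowSafe(sampleObjects[1]));
```
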
Level of Complexity
Easy
Applies to
Product | Version | Build | Environment | Hardware |
---|---|---|---|---|
KTA | 7.9 | | | |