Skip to main content
Kofax

KTA 7.9 - KTA Designer can be exploited by injecting JavaScript

Article # 3038545 - Page views: 75

Issue

KTA Designer can be exploited by injecting JavaScript in the Description field of an object.

A KTA Developer can add javascript to a Description field of an object, which would be executed when the object is refreshed.

For example, in KTA Designer, go to User Interface->Images->New and create a new image. Add some javascript to the Description field and save.  This will be executed when the object is refreshed.

 

Solution

Install KTA 7.9 Fix Pack 9 to resolve the issue.

 

Level of Complexity 

Easy

 

Applies to  
Product Version Build Environment Hardware
KTA 7.9      

 

References

Add any references to other internal or external articles

 

 

Article # 3038545
  • Was this article helpful?