Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000036181 - Getting XSS error for the dashboard while logging in RSA Identity Governance & Lifecycle

Document created by RSA Customer Support

on Apr 3, 2018

Version 1Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000036181
Applies To	RSA Product Set: RSA Identity Governance & Lifecycle RSA Version/Condition: 7.0.2
Issue	After upgrade from RSA IDentity Management and Governance 6.9.1 to RSA Identity Governance & Lifecycle 7.0.2, a user could see the XSS attack error while logging into the system. The error states that it is unable to create a page ID for a custom created dashboard.
Cause	This error is due to a bookmark created for a login page in 6.9.1. In 6.9.1 the URL navigating to the dashboard was similar to the following: https://IPaddress:Port/aveksa/main?ReqType=GetPage&PageID=HomeTab_DashboardTab_Terminated+Password+Vault+Reviewers_DashboardDisplayPageData In 7.0.2 there is a slight change in the URL representation, as shown: https://IPaddress:Port/aveksa/main?ReqType=GetPage&PageID=HomeTab_DashboardTab_Terminated+Password+Vault+Reviewers_DashboardDisplayPageData If you use the same bookmarked URL as used in 6.9.1, the system finds a change during link validation and throws the error of possible XSS attack.
Resolution	Kindly remove the old bookmark and create new one for the new version of RSA Identity Governance & Lifecycle.

Attachments

Outcomes

0 Comments