Article Content
Article Number | 000036181 |
Applies To | RSA Product Set: RSA Identity Governance & Lifecycle; RSA Version/Condition: 7.0.2+ |
Issue | After upgrading RSA Identity Governance & Lifecycle to 7.0.2 or higher from a version prior to 7.0.2, accessing user Dashboards results in the following errors: The request could not be handled. Unable to create page for page ID "<name of page being accessed>". Unsafe characters detected in URL parameters. Possible XSS attack. |
Cause | This issue occurs when using a bookmark of a Dashboard that was saved prior to 7.0.2. Starting in 7.0.2, security against Cross-Site Scripting (XSS) was increased, and the format of the URL saved in the bookmark is now flagged as a possible XSS attack. The characters that cause this behavior are the '+' signs in the URL. For example, the following bookmarked URL in 6.9.1 brings the user successfully to their dashboard page: IPaddress:Port/aveksa/main?ReqType=GetPage&PageID=HomeTab_DashboardTab_Terminated+Password+Vault+Reviewers_DashboardDisplayPageData In 7.0.2 and higher, the same URL fails and is flagged as a potential XSS attack. To resolve this problem, URLs in version 7.0.2 or higher are stripped of any '+' signs, as in the example below: IPaddress:Port/aveksa/main?ReqType=GetPage&PageID=HomeTab_DashboardTab_TerminatedPasswordVaultReviewers_DashboardDisplayPageData Because an RSA Identity Governance & Lifecycle patch does not modify user bookmarks, the older version of the URL is still requested when the bookmark is used, and the potential XSS risk is flagged. |
Resolution | For each Dashboard that has this issue, delete the old bookmark that accesses that Dashboard and create a new bookmark:
|
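To find which saved bookmarks need to be recreated, the following added example (not RSA code) scans a browser bookmark export for Dashboard URLs whose PageID still contains '+' signs. It assumes the bookmarks were exported in the common Netscape bookmark HTML format and uses a constructed host name; the candidate URL it prints simply applies the '+' stripping shown in the article's example and should be confirmed by opening the Dashboard before bookmarking it again.

```python
import html
import re
from urllib.parse import urlsplit, urlunsplit

# Constructed sample of a browser bookmark export (Netscape bookmark HTML).
# Host names are placeholders; the PageID values follow the article's example.
SAMPLE_EXPORT = """\
<DT><A HREF="https://igl.example.test:8443/aveksa/main?ReqType=GetPage&amp;PageID=HomeTab_DashboardTab_Terminated+Password+Vault+Reviewers_DashboardDisplayPageData">Reviewers (saved on 6.9.1)</A>
<DT><A HREF="https://igl.example.test:8443/aveksa/main?ReqType=GetPage&amp;PageID=HomeTab_DashboardTab_TerminatedPasswordVaultReviewers_DashboardDisplayPageData">Reviewers (new)</A>
<DT><A HREF="https://search.example.test/find?q=password+vault">Unrelated search</A>
"""

HREF_RE = re.compile(r'href="([^"]+)"', re.IGNORECASE)


def strip_plus_from_pageid(url):
    """Return url with '+' removed from PageID, or None if the bookmark is unaffected."""
    parts = urlsplit(url)
    if not parts.path.endswith("/aveksa/main"):
        return None
    fields, changed = [], False
    # Work on the raw query string: parse_qs would decode '+' to a space.
    for field in parts.query.split("&"):
        name, sep, value = field.partition("=")
        if name == "PageID" and "+" in value:
            value, changed = value.replace("+", ""), True
        fields.append(name + sep + value)
    return urlunsplit(parts._replace(query="&".join(fields))) if changed else None


def find_stale_bookmarks(export_text):
    """Return (old_url, candidate_url) pairs for bookmarks the 7.0.2+ check would reject."""
    pairs = []
    for href in HREF_RE.findall(export_text):
        old = html.unescape(href)  # exports may encode '&' as '&amp;'
        new = strip_plus_from_pageid(old)
        if new is not None:
            pairs.append((old, new))
    return pairs


if __name__ == "__main__":
    for old, new in find_stale_bookmarks(SAMPLE_EXPORT):
        print("stale:    ", old)
        print("candidate:", new)
```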