'Unsafe characters detected in URL parameters. Possible XSS attack.' accessing Dashboards in version 7.0.2+ of RSA Identity Governance & Lifecycle
Originally Published: 2018-03-26
Article Number
Applies To
RSA Version/Condition: 7.0.2+
Issue
The request could not be handled
Unable to create page for page ID
"<name of page being accessed>"
"<name of page being accessed>"
Unsafe characters detected in URL parameters. Possible
XSS attack.
Cause
For example, the following bookmarked URL in 6.9.1 brings the user successfully to their dashboard page:
IPaddress:Port/aveksa/main?ReqType=GetPage&PageID=HomeTab_DashboardTab_Terminated+Password+Vault+Reviewers_DashboardDisplayPageData
Starting in 7.0.2 and higher, the same URL would fail and flag a potential XSS attack. To resolve this problem, URLs in version 7.0.2 or higher are stripped of any '+' signs as in the example below:
IPaddress:Port/aveksa/main?ReqType=GetPage&PageID=HomeTab_DashboardTab_TerminatedPasswordVaultReviewers_DashboardDisplayPageData
Because an RSA Identity Governance & Lifecycle patch does not modify user bookmarks, the older version of the URL is accessed when using the bookmark and the potential XSS risk is flagged.
Resolution
- Delete the problematic bookmark (browser dependent.)
- Login to the RSA Identity Governance & Lifecycle user interface.
- Navigate to the Dashboard that was no longer reachable via the bookmark. Note the Dashboard is now accessible and the URL has no '+' signs. This is the URL format required for 7.0.2 and above.
- Save the bookmark (browser dependent.)
- Access the bookmark and note that the Dashboard is now accessible.
Related Articles
Network Access Protection error: 'possible configuration error.' 5Number of Views Unclear Error Message Possible for Application Protected by Fingerprint Only 32Number of Views AFX Connectors remain in a Deployed state and 'Detected missing/corrupt journal files' error in RSA Identity Governance & … 142Number of Views Is it possible to modify the PIN of an nCipher Admin Card Set card? 5Number of Views Security scan shows a possible denial of service vulnerability 31Number of Views
Trending Articles
RSA Authentication Manager 8.9 Setup and Configuration Guide How to 'Trust' the RSA Authentication Manager Security Console Self-Signed Root CA certificate and prevent Cert warnings. RSA Authentication Manager 8.9 Release Notes (January 2026) Configure RSA Authentication Manager as a Secure Proxy Server for Cloud Access Service RSA Authentication Manager Upgrade Process
Don't see what you're looking for?