3.39.25
Bugfixes
- XSS security fixes – Improvements implemented as a response to customer feedback on XXS-vulnerabilities in Adaptive:
- XSS: Remove XSS from embedded map (Secured feature)
- Consequence: should not be able to inject script in config object and from URL API
- XSS: Replace HTML tags in shares (read/write) (Secured feature)
- Consequence: Removes any tag-characters when reading already saved map shares and removes any tag-characters when saving new map shares
- XSS: Remove send printout via email option (Removed feature)
- Consequence: Removed feature that enabled users to send a printed map directly by email – This to avoid possible XSS-attacks and that sending email from whatever e-mail address through customers SMTP is not best practice.
- XSS: Remove HTML from user data dataview (Secured feature)
- Consequence: Vector data added by users in “My data” module is HTML encoded when displayed in dataview
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More Privacy & Cookies Policy