Cross-Site Scripting Detected when accessing Custom Fields tab in Load File LFI setup on eDiscovery v10.1.1
book
Article ID: 100053210
calendar_today
Updated On:
Description
Error Message
Failure:
Cross-Site Scripting Detected

Server-yyyy-mm-dd.log:
ERROR [ui.servlet.XSSFilter] (https-jsse-nio2-443-exec-23-superuser:[]) CaseName:[LFI-Test] UserName:[superuser-1496241804] [#60016] XSS Content Detected in request parameter: SampleText containing string:
Cause
A column in the Load File data file (CSV or DAT) contains one or both of the following characters:
< less than
> greater than
Resolution
Download attached file LFISourceHandler_getFieldMapping.txt
- Stop all Clearwell services
- Make a backup of the \v101\config\configs\default.properties file.
- Edit \v101\config\configs\default.properties
- Copy the contents of LFISourceHandler_getFieldMapping.txt to the line above the appearance of:
##
## XSS patterns
- Save the default.properties file.
- In the Clearwell utility, perform the Step # 7: Build Incremental Configuration Changes
- When prompted, choose to start all Clearwell Services.
Issue/Introduction
During a Load File Import a user clicks on the Custom Fields tab and receives the following error.
Additional Information
JIRA: CFT-4687
Attachments
LFISourceHandler_getFieldMapping.txt
get_app
Was this article helpful?
thumb_up
Yes
thumb_down
No