Cross-Site Scripting Detected when accessing Custom Fields tab in Load File LFI setup on eDiscovery v10.1.1


Article ID: 100053210


Description

Error Message

Failure:
Cross-Site Scripting Detected



Server-yyyy-mm-dd.log:
ERROR [ui.servlet.XSSFilter] (https-jsse-nio2-443-exec-23-superuser:[]) CaseName:[LFI-Test]  UserName:[superuser-1496241804] [#60016] XSS Content Detected in request parameter: SampleText containing string: 

Cause

A column in the Load File data file (CSV or DAT) contains one or both of the following characters: 
< less than
> greater than
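
To find which load-file columns contain these characters before importing, here is an added example (not part of the original article or the product). It assumes DAT files use the common Concordance delimiters; the function names, column names and sample rows are constructed for illustration.

```python
import csv
import io

# Characters named in the Cause section.
TRIGGER_CHARS = ("<", ">")
# Assumption: DAT load files use the common Concordance defaults,
# 0x14 as field separator and 0xFE (thorn) as text qualifier.
DAT_DIALECT = {"delimiter": "\x14", "quotechar": "\xfe"}

# Constructed sample data, not taken from a real case.
CSV_SAMPLE = (
    "DocID,Subject,Custodian\r\n"
    'D001,"Re: budget <draft>",Smith\r\n'
    "D002,Quarterly report,Jones\r\n"
    'D003,"a > b, noted",Lee\r\n'
)
DAT_SAMPLE = (
    "\xfeDocID\xfe\x14\xfeNotes\xfe\r\n"
    "\xfeD001\xfe\x14\xfesee <attached>\xfe\r\n"
    "\xfeD002\xfe\x14\xfeno markup\xfe\r\n"
)

def find_trigger_columns(text, is_dat=False):
    """Map each column name to the (row number, value) pairs that
    contain '<' or '>'. Row 0 is the header row."""
    dialect = DAT_DIALECT if is_dat else {}
    rows = list(csv.reader(io.StringIO(text, newline=""), **dialect))
    if not rows:
        return {}
    header = rows[0]
    hits = {}
    for rowno, row in enumerate(rows):
        for col, value in enumerate(row):
            if any(ch in value for ch in TRIGGER_CHARS):
                name = header[col] if col < len(header) else f"column {col + 1} (no header)"
                hits.setdefault(name, []).append((rowno, value))
    return hits

def scan_load_file(path, encoding="utf-8"):
    """Scan a load file on disk; a .dat extension selects DAT_DIALECT."""
    with open(path, encoding=encoding, newline="") as f:
        text = f.read()
    return find_trigger_columns(text, is_dat=str(path).lower().endswith(".dat"))

if __name__ == "__main__":
    for label, sample, is_dat in (("CSV", CSV_SAMPLE, False), ("DAT", DAT_SAMPLE, True)):
        print(label, find_trigger_columns(sample, is_dat))
```

Pass a different `encoding` (for example `cp1252`) to `scan_load_file` when the load file is not UTF-8.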

Resolution

Download the attached file LFISourceHandler_getFieldMapping.txt.

  1. Stop all Clearwell services
  2. Make a backup of the \v101\config\configs\default.properties file.
  3. Edit \v101\config\configs\default.properties
  4. Copy the contents of LFISourceHandler_getFieldMapping.txt to the line above the following lines:
    ##
    ## XSS patterns
  5. Save the default.properties file.
  6. In the Clearwell utility, perform Step #7: Build Incremental Configuration Changes
  7. When prompted, choose to start all Clearwell Services.

Issue/Introduction

During a Load File Import, a user clicks on the Custom Fields tab and receives the error shown under Error Message.

Additional Information

JIRA: CFT-4687

Attachments

LFISourceHandler_getFieldMapping.txt