Hi Richard -I'm replying back via email to explain. Thanks, Kelly
On Monday, September 17, 2012 9:34:30 AM UTC-5, Kelly Burns wrote: > > Hi guys - I am sure somebody has run into this before; but I am at a > complete "dead end" here and need to resolve before our upcoming IT Audit. > :( > > Our IT Audit firm found our Web Site Management Server 10.1 SP2 (with SQL > 2008 db) poses a "significant security risk", in that it allows cross site > scripting (aka "XSS") to occur in the classic ASP portions of the app. > Obviously I need to correct this before our *next* audit (next month). > > Last September, when the audit found this info, I submitted this as a > ticket for resolution to OpenText Support. They said they would forward the > issue to development for analysis (this was a year ago). I realized I'd > not heard back from them on this issue & checked back on it this week. The > response was: > > *"This ticket was linked to a BUG ID: WSGMS-8216 currently there is no > resolution or much analysis on the issue, but it is now tracked by OpenText > and you can always use the aforementioned ID to track its status."* > > I searched all over OpenText KB for the bug, but it is not even listed > anyplace that I could find. I was hoping that surely *somebody *has had > the same issue and posted a workaround *somewhere *by now. :-( Well if > it exists, I still haven't found it! > > Has anyone else dealt with this?? If what if anything did you do to > secure RedDot properly? > > Thanks in Advance! > Kelly > > > -- You received this message because you are subscribed to the Google Groups "RedDot CMS Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/reddot-cms-users/-/rbKSOqa2NAIJ. To post to this group, send email to reddot-cms-users@googlegroups.com. To unsubscribe from this group, send email to reddot-cms-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/reddot-cms-users?hl=en.
