https://community.qlik.com/t5/QlikView/query-on-quot-public-quot-parameter-value-when-requesting/m-p/442997#M1333016 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>During the recent vulnerability test we conducted on QlikVIew (v11 SR2) access point URL, we have noticed that "the payload <STRONG>]]&gt;&gt;</STRONG> was appended to the value of the public parameter". This seems to be a potential XML Injection.</P><P></P><P>I have no clue on what is this and how is it getting appended to the public parameter?</P><P></P><P>Did any of you come across this?</P><P></P><P>Regards,</P><P>Murali</P></BODY></HTML> Mon, 26 Jan 2026 18:19:17 GMT 2026-01-26T18:19:17Z https://community.qlik.com/t5/QlikView/query-on-quot-public-quot-parameter-value-when-requesting/m-p/442997#M1333016 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>During the recent vulnerability test we conducted on QlikVIew (v11 SR2) access point URL, we have noticed that "the payload <STRONG>]]&gt;&gt;</STRONG> was appended to the value of the public parameter". This seems to be a potential XML Injection.</P><P></P><P>I have no clue on what is this and how is it getting appended to the public parameter?</P><P></P><P>Did any of you come across this?</P><P></P><P>Regards,</P><P>Murali</P></BODY></HTML> Mon, 26 Jan 2026 18:19:17 GMT https://community.qlik.com/t5/QlikView/query-on-quot-public-quot-parameter-value-when-requesting/m-p/442997#M1333016 2026-01-26T18:19:17Z