Qlik Community


query on "public" parameter value when requesting QvsViewClient.aspx


During the recent vulnerability test we conducted on the QlikView (v11 SR2) access point URL, we noticed that "the payload ]]>> was appended to the value of the public parameter". This seems to be a potential XML injection.

I have no clue what this is or how it is getting appended to the public parameter.

Did any of you come across this?


