Hi,

During the recent vulnerability test we conducted on QlikVIew (v11 SR2) access point URL, we have noticed that "the payload ]]>> was appended to the value of the public parameter". This seems to be a potential XML Injection.

I have no clue on what is this and how is it getting appended to the public parameter?

Did any of you come across this?

Regards,

Murali