0 Replies. Latest reply: Oct 23, 2012 4:52 AM by Muralidhar Koti

    query on "public" parameter value when requesting QvsViewClient.aspx

    Muralidhar Koti

      Hi,

       

      During the recent vulnerability test we conducted on the QlikView (v11 SR2) access point URL, we noticed that "the payload ]]>> was appended to the value of the public parameter". This seems to be a potential XML Injection.

       

      I have no clue what this is and how it is getting appended to the public parameter.

       

      Did any of you come across this?

       

      Regards,

      Murali