Zia Bot request creation XSS issue in 14506 and above
Issue: Script gets executed in request details page when a script content is given in the description field while creating requests via Zia Bot. Issue occurs due to a breakage in v14506 .
Fix: Sanitize the description field during request creation through Zia Bot.
Instructions:
->Create a folder named "fixes" under <SDP-HOME> if not exists (Ex.,<Installation Folder>\ManageEngine\ServiceDesk\)directory.
->Inside the "fixes" folder (<SDP-HOME>/fixes) paste the "14506_XSS_Ziabot.fjar" attached in this article.
->Restart the Application service.
Build compatibility: 14506
For any other build no above 14506, kindly contact developer team before providing the fjar.
Issue ID: SD-119008
New to ADSelfService Plus?
Related Articles
Zia prediction failure due to security statements at the front of email content
Issue: Zia approval prediction fails when security statements are present at the starting of the mail content. Since we consider the first 100 characters and 2 sentences from the content, the approval comment given by the user was not considered due ...Zia Approval / Request Reopen prediction fails due to the presence of Email Classification Headers
Issue: Zia Approval / Request Reopen prediction fails when the reply mails have Email Classification Header contents in it. Disclaimer: For eliminating Email Classification Headers while processing approval / reopen reply mails for Zia prediction, we ...Zia Bot is not working after upgrding to 14300 or above
Issue: Due to a security fix for Chat module done in 14300, Zia Bot is not working when Requester or Technician Chat is disabled. Issue 1: After upgrading, starting the application server and opening Zia Bot Issue 2: Only when the technician chat is ...Zia Prediction Fails When Email Content has Classifications - Extended Version
Issue : Zia Approval prediction is not working when the prediction query has email classification content in it. Fix : In this fix, we have created a file called IgnoreList.txt. The fix will read the contents present in this file and ignore them ...Zia Prediction Fails When Email Content has Classifications
Issue: Zia Approval prediction is not working when the prediction query has email classification content in it. Fix: In this fix, we have created a file called IgnoreList.txt. The fix will read the contents present in this file and ignore them while ...