Last updated on MAY 30, 2017
Applies to:
JD Edwards EnterpriseOne Tools - Version 8.98 and laterInformation in this document applies to any platform.
Goal
Issue 1:
The JAS.LOG shows the following error message:
Malicious script attack has been detected. The user session will be invalidated.
The parameter Name is:RENDER_MAFLET. The scripts are: <details of the E1 script that encountered this error>
Issue 2:
When attempting to launch any application from E1 Menu on an HTML Client that is on a Windows 7 with Internet Explorer 8 the following error occurs:
The user is logged out of EnterpriseOne. The issue affects all of the workstations that have been upgraded to Windows 7. The issue does not occur on Firefox. In the JAS.LOG, the following can be observed:
Malicious script attack has been detected. The user session will be invalidated.
The parameter Name is:RENDER_MAFLET. The scripts are:E1Menu";</SCRIPT><INPUT TYPE=hidden NAME=activeElement><SCRIPT>insertFormHeader("0","W0413MB","","P0413M","Supplier Payment Inquiry - Work with Payments","Errors and Warnings",false,"Help","About (Ctrl Shift J)","Item Help",0,0,"W0413MB","","Edit","","1");</SCRIPT><table CELLSPACING=0 CELLPADDING=1 WIDTH=1000class=MenuBar id=
HTML code from the Java servlet generated web page was included in the HTTP POST message submitted to the E1 HTML Server (JAS Server). This is a HTML/Javascript parsing/processing issue for Internet Explorer 8. When E1 HTML Server detects <script> tags in the HTTP POST message, it triggers cross site scripting (XSS) defense introduced in Tools Release 8.98 and ends the user session.
Issue 3:
Can also occur when copy / paste into MOBJ text attachment.
Solution
Sign In with your My Oracle Support account |
|
Don't have a My Oracle Support account? Click to get started |
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms