Convergence: JavaScript Can Run When Entered Into the “Create Link” Text Input Area. (Doc ID 3065219.1)

Last updated on DECEMBER 26, 2024

Applies to:

Oracle Communications Convergence - Version 3.0.2 and later
Information in this document applies to any platform.

Symptoms

Steps:

For optimal results, perform these steps in Chrome.

1) Log in to Convergence.
2) Choose the "Compose Message" tab.
3) From the message body editor's toolbar, select the "Create Link" icon.
4) In the "URL" column, enter any properly constructed URL.
5) In the "Text" field, type the following content.

6) When you click "OK" to save the URL, you will see a javascript warning.

The signature editor in Settings exhibits the same behaviour. Although this is not particularly relevant because the user is doing it to themselves, it does show a lack of input validation and sanitization.

Cause

	To view full details, sign in with your My Oracle Support account.
	Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.

Convergence: JavaScript Can Run When Entered Into the “Create Link” Text Input Area. (Doc ID 3065219.1)

Applies to:

Symptoms

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!