Punchout Using Internet Explorer 8.0 Erroring With XSS Switching Security Error (Doc ID 1086507.1)

Last updated on APRIL 19, 2023

Applies to:

Symptoms

In Oracle iProcurement, Release 11.5.10, punch out to a supplier site using the web browser Internet Explorer 8.0 is not functioning correctly when submitting the requisition.

The first Security Warning is "The current webpage is trying to open a site in your Trusted sites list. Do you want to allow this?"

After clicking the "Yes" button, a blank page appears with the following IE security message: "Internet Explorer has modified this page to help prevent cross-site scripting.  Click here for more information...".

 
When clicking on the message, the following window appears: "How does Internet Explorer help protect me from cross-site scripting attacks?"

The issue can be reproduced at will with the following steps:

1. Sign on to Oracle E-Business Suite.
2. Select Responsibility: iProcurement
3. Navigation: iProcurement Home Page
4. Select punch out to the supplier.
5. Select items and Add to Cart.
6. Proceed to checkout.
7. Submit the order.
8. The error messages and windows mentioned above appear.
9. At this point, the punch out session is done; the user cannot return to the shopping cart and complete the purchase. However, when the user logs back into iProcurement, the shopping cart with the order details is visible, and the user can proceed to complete the checkout process.

Cause

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.