Tags to avoid in MSME to prevent XSS vulnerabilities

Technical Articles ID: KB82214
Last Modified: 12/8/2020

Environment

McAfee Security for Microsoft Exchange (MSME) 8.5
Microsoft Exchange 2013, 2010 SP2, 2007 SP3
Microsoft Windows 2008 x64bit, 2003 x64 bit

For supported environments, see KB82890 - Supported platforms for Security for Microsoft Exchange 8.5.x.

Summary

This article provides a list of tags to avoid using to prevent cross-site scripting (XSS) vulnerabilities with MSME.

When configuring options such as notifications or policy names in MSME, do not use tags that contain the following strings. These tags can cause XSS vulnerabilities.

Tags you must avoid using:

INPUT
iframe
XSS
FRAME
BASE
OBJECT
EMBED
BGSOUND
SCRIPT

Related Information

XSS is a computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side scripts into webpages viewed by other users.

Affected Products

Getting Started
Known Issue/Product Defect
Security for Microsoft Exchange 8.5 (EOL)

Knowledge Center

Tags to avoid in MSME to prevent XSS vulnerabilities

Environment

Summary

Related Information

Affected Products

Title

Title

Knowledge Center

Tags to avoid in MSME to prevent XSS vulnerabilities

Environment

Summary

Related Information

Affected Products

Choose your region

Title

Title