How can we help you today?
Start a new topic
Answered

Discarding request. Probably contains XSS code

Hi,


this is possibly the strangest ticket I've ever created :)


I have discovered on firmware 8.7.5.35 (on several different snom models, D765, 760 etc...):


if the sip password contains the word "monkey", I get the error message above.  


Not really sure if this is a bug, intentional or some kind of easter-egg but it made me laugh anyway.


cheers,

Paul.


Best Answer

Hi Provu


We created a ticket and we answered you from that.


Have a nice day!


oh I think I've posted this to the wrong place.  I was intending on creating a support ticket.


This doesn't happen on older firmwares (we have a phone here on 8.7.5.13 which doesn't display the message.


cheers,

Paul.

Answer

Hi Provu


We created a ticket and we answered you from that.


Have a nice day!

Ok, I agree that is the weirdest part of my week.

I searched for 

Discarding request. Probably contains XSS code

error and the first hit was monkey in  the password!  Nuts, or maybe I should say bananas.

Seems like I'm locked out of admin advanced mode too.


Would you please provide the same ticket information to me as well.  Thank you!

 

Hi David,


please see:  https://service.snom.com/display/wiki/10.1.42.14+Release 


In 10.1.42.14 Release and higher the correction is implemented:

Release Notes reference:  SAP-780: Improved XSS protection measuring, critical strings e.g. OnKey & OnClick can now be accepted as part of setting values (e.g. Monkey or MyFonclick were refused) [SCPP-7460] 


Please update to this release or higher. Thanks!


Greetings from Berlin and stay safe,

Jan



Jan Boguslawski

Product Owner Snom

Thank you.

Always good to know I'm not going mad, yet.....

Login or Signup to post a comment