Issues fixed and closed in SDL LiveContent S1000D 5.5
This section contains issues fixed and closed in SDL LiveContent S1000D version 5.5.
| Issue No. | Description |
|---|---|
| LCS-674 | Para element appears in wrong place. For example, |
| LCS-1573 | Cross site scripting (XSS) (Reflected) vulnerability was detected in 56 URLs. |
| LCS-1575 | The Path Traversal attack technique allows an attacker access to files, directories, and commands that potentially reside outside the web document root directory. An attacker may manipulate a URL in such a way that the website will execute or reveal the contents of arbitrary files anywhere on the web server. Any device that exposes an HTTP-based interface is potentially vulnerable to Path Traversal. |
| LCS-1784 | Variable initialization fails to initialize to <noValue> and it fails to conditionally test for <noValue> for Issue 3.0 data. |
| LCS-2022 | XML External Entity (XXE) attacks are a class of vulnerability where a user-provided document type definition (DTD) is parsed by the web application. A DTD is a set of markup that defines how the main XML body should be structured. This issue yields an external location on where to load the DTD file. This can be abused in many different ways. |
| LCS-2023 | Cross-site scripting (XSS) allows an attacker to embed code (JavaScript, VBScript, ActiveX, HTML, or Flash) into a vulnerable application to trick a user into executing the script on his or her machine. The use of XSS might compromise private information, manipulate or steal cookies, create requests that can be mistaken for those of a valid user, or execute malicious code on the victim’s system. |
| LCS-2115 | Process dm stops working when it hits a dm-node with two <preset> declarations |
| LCS-2369 | Document_ID attribute not added to the document header during publish |