HTML injection vulnerability
Article ID: 413480

Products

CA Service Management - Service Desk Manager

Issue/Introduction

A security scan may report an HTML injection finding against SDM. HTML injection occurs when a user controls an input point (here, a request parameter) and the value is written into a web page as markup rather than as text, so arbitrary HTML supplied by the user is rendered by the browser. This document describes how to address the finding.

Environment

SDM 17.4.x

Resolution

In order to address it, perform the following steps:

  1. Add the following parameter to (Service Desk)\bopcfg\www\web.cfg so that the QBE.EQ.CHG_REF_NUM request parameter is accepted only when its value is numeric:
        SecureParameter.QBE.EQ.CHG_REF_NUM NumberOnly

  2. Enable the option @NX_VALIDATE_REQUEST_PARAMETER=1 in NX.env, as described in the Broadcom documentation on securing CA SDM from cross-site scripting vulnerabilities: 

    Securing CA SDM from Cross-Site Scripting Vulnerabilities

  3. Restart the Service Desk services so that both files are re-read.

  4. Verify the change: send a request with a non-numeric value (for example, an HTML tag) in QBE.EQ.CHG_REF_NUM, confirm that the request is not accepted and that the tag does not appear as markup in the response, then re-run the security scan.
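As an added illustration (not SDM's own code; Broadcom does not publish its request-validation logic in this article), the following Python models what the two settings achieve: a web.cfg SecureParameter line is parsed, a NumberOnly allowlist is applied to the QBE.EQ.CHG_REF_NUM query parameter, and the vulnerable reflection of that parameter is contrasted with the hardened behaviour. The regular expression behind NumberOnly, the case-insensitive parameter matching, the "400 Bad Request" response, the page template and the web.cfg excerpt are all assumptions constructed for the example.

```python
import html
import re
from typing import Dict, Optional, Tuple
from urllib.parse import parse_qsl

# Constructed web.cfg excerpt containing the rule the article adds.
WEB_CFG = """
# other web.cfg settings omitted
SecureParameter.QBE.EQ.CHG_REF_NUM NumberOnly
"""

# Assumed meaning of the validator name; SDM's real rule set is defined by Broadcom.
VALIDATORS = {
    "NumberOnly": re.compile(r"[0-9]+"),
}


def load_secure_parameters(cfg_text: str) -> Dict[str, str]:
    """Parse 'SecureParameter.<param> <validator>' lines into {PARAM: validator}.

    Parameter names are upper-cased so that matching is case-insensitive
    (assumption; SDM's actual matching rules are not described in the article).
    """
    rules: Dict[str, str] = {}
    for raw in cfg_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 2 or not parts[0].startswith("SecureParameter."):
            continue
        name = parts[0][len("SecureParameter."):]
        if parts[1] not in VALIDATORS:
            raise ValueError(f"unknown validator {parts[1]!r} for {name}")
        rules[name.upper()] = parts[1]
    return rules


def validate_query(query: str, rules: Dict[str, str]) -> Tuple[bool, Optional[str]]:
    """Check every query parameter that has a rule; return (ok, offending_key).

    Parameters without a rule pass through untouched: the allowlist only
    protects the parameters that web.cfg names.
    """
    for key, value in parse_qsl(query, keep_blank_values=True):
        validator = rules.get(key.upper())
        if validator is None:
            continue
        if VALIDATORS[validator].fullmatch(value) is None:
            return False, key
    return True, None


def render_unsafe(ref_num: str) -> str:
    """Vulnerable: the parameter is reflected into the page as raw markup."""
    return f"<p>No change order matched reference {ref_num}</p>"


def render_safe(ref_num: str) -> str:
    """Hardened: escape on output so the value is shown as text, not markup."""
    return f"<p>No change order matched reference {html.escape(ref_num)}</p>"


def handle_request_before(query: str) -> str:
    """Pre-fix behaviour: no validation, value reflected verbatim."""
    params = dict(parse_qsl(query, keep_blank_values=True))
    return render_unsafe(params.get("QBE.EQ.CHG_REF_NUM", ""))


def handle_request_after(query: str, rules: Dict[str, str]) -> str:
    """Post-fix behaviour: reject invalid values, escape what is rendered."""
    ok, bad = validate_query(query, rules)
    if not ok:
        return f"400 Bad Request: invalid value for {bad}"
    params = dict(parse_qsl(query, keep_blank_values=True))
    return render_safe(params.get("QBE.EQ.CHG_REF_NUM", ""))


if __name__ == "__main__":
    rules = load_secure_parameters(WEB_CFG)
    payload = "QBE.EQ.CHG_REF_NUM=%3Cb%3Ex%3C%2Fb%3E"   # <b>x</b>, URL-encoded
    print("before:", handle_request_before(payload))
    print("after: ", handle_request_after(payload, rules))
    print("valid: ", handle_request_after("QBE.EQ.CHG_REF_NUM=12345", rules))
```

The two halves of the fix play different roles: the web.cfg rule is the allowlist that rejects anything but digits before the value is used, and escaping on output is the defence that remains if a parameter is ever left out of the allowlist. The test of step 4 above corresponds to the `payload` request in the block: before the change it is reflected as markup, after it the request is refused.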