Announcing the SAVIYNT KNOWLEDGE EXCHANGE unifying the Saviynt forums, documentation, training, and more in a single search tool across platforms. Click HERE to read the Announcement.

'Access denied due to XSS' error while submitting an access request

shivaprasad
New Contributor II
New Contributor II

Team, We have observed an error 'Access denied due to XSS' while submitting Add access request for an entitlement in an endpoint. It is an issue with just the one entitlement for the endpoint and not seen with any others. Can someone advise what causes this error to occur? the issue is that the request goes for approval with this error but the approver does not get an option to approve the request. Did not find anything relevant to the error in logs

shivaprasad_0-1665665671265.png

 

6 REPLIES 6

rushikeshvartak
All-Star
All-Star

Please share entitlement name 


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

shivaprasad
New Contributor II
New Contributor II

'splunk_dev_intelligence' is the entitlement under 'Corporate AD' endpoint

Does entitlement description contains "  (double quote) if yes it will throw Access denied due to XSS error


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

shivaprasad
New Contributor II
New Contributor II

Thank you for the response. But the entitlement description does not contain any double quotes. It has the following special characters though - It contains * ; - , > .

Does any of these cause this error too?

Remove the angular brackets and then try.

Here's some info for your read : https://owasp.org/www-community/attacks/xss/

 

 

Regards,
Avinash Chhetri

shivaprasad
New Contributor II
New Contributor II

Thanks Avinash, That fixed it and Good to know