Fixing the vulnerability in search service in SharePoint 2013

    Question

  • From the data center where the SharePoint is hosted, I received an email stating to fix the vulnerability in the search service.

    The below script causes a problem with the server.

    <IMG SRC="/" onerror=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>

    No additional details.

    Tuesday, April 04, 2017 10:55 AM

All replies

  • The search has to whitelist the input to only Arabic and English letters.

    The below script causes a problem with the server.

    <IMG SRC="/" onerror=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>


    Wednesday, April 05, 2017 9:15 AM
  • Hi ghsajith, 

    I do not quite understand you.

    Does the search function work in your SharePoint 2013?

    When do you receive the error message?

    Please check the ULS log to determine the exact cause of the error. The ULS log is at:
    C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\LOGS

    Best Regards, 

    Lisa Chen


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Friday, April 07, 2017 9:05 AM
    Moderator
  • The web site hosting organisation pointed out that the search text box is vulnerable to cross-site scripting (XSS). I tried to change the requestValidationMode from 2.0 to 4.5.

       <httpRuntime maxRequestLength="51200" requestValidationMode="2.0" />

    It prevents XSS. However, I am getting an error while publishing news in the portal.

    Thursday, April 13, 2017 6:49 AM
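
Added example, not part of any post in this thread and not SharePoint's own code: the allowlist suggested in the first reply (Arabic and English letters only), applied to the search term alone rather than through a site-wide setting, together with HTML encoding for when the term is echoed back. The function names, the allowance for spaces and the 100-character limit are assumptions.

```javascript
// Added example; function names, the space allowance and MAX_LEN are assumptions.
// The string submitted in the question, copied from the thread as test input.
const PAYLOAD = '<IMG SRC="/" onerror=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>';
const MAX_LEN = 100;
// English letters, spaces, and Arabic-script letters or combining marks only.
const ALLOWED = /^(?:[A-Za-z ]|(?=\p{Script=Arabic})[\p{L}\p{M}])+$/u;

// Decode numeric character references (&#106; or &#x6a;) to show what the
// browser sees once the entity-encoded attribute value has been parsed.
function decodeNumericEntities(s) {
  return s.replace(/&#(x[0-9a-f]+|\d+);?/gi, (match, code) => {
    const n = code[0].toLowerCase() === 'x'
      ? parseInt(code.slice(1), 16)
      : parseInt(code, 10);
    return n > 0 && n <= 0x10ffff ? String.fromCodePoint(n) : '';
  });
}

// Input side: accept the term only if every character is on the allowlist.
function validateSearchTerm(raw) {
  if (typeof raw !== 'string') return { ok: false, reason: 'not a string' };
  const term = raw.normalize('NFC').trim();
  if (term.length === 0 || term.length > MAX_LEN) {
    return { ok: false, reason: 'length' };
  }
  if (!ALLOWED.test(term)) return { ok: false, reason: 'disallowed character' };
  return { ok: true, value: term };
}

// Output side: encode the term before writing it into HTML, so markup in a
// value that reaches the page some other way is rendered as text.
function encodeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Constructed sample queries plus the string from the question.
for (const term of ['تقرير سنوي', 'annual report', PAYLOAD]) {
  const result = validateSearchTerm(term);
  console.log(result.ok ? 'accepted' : 'rejected (' + result.reason + ')',
    '|', encodeHtml(term).slice(0, 40));
}
console.log('decoded handler:', decodeNumericEntities(PAYLOAD));
```

Validation on input and encoding on output are independent controls; the encoding step is what keeps the echoed term inert if the allowlist is later relaxed.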