In OpenPages 7.2+ version, whenever user copies some text/formatting which may include unwanted hidden characters from Word/Outlook to OpenPages detail page and tries to save the record, users get "Malicious Attack" error and they are logged out of the session.
This error message is just a single line saying 'Malicious attack has occurred and you are logged out of the session'. Now this message does not specify any field or text where the error might be in the record. Hence it is very difficult to pinpoint the erroneous text.
The message should clearly pinpoint the field name where the error is, so that user can rectify the same. Because users might have copied loads of data and then it becomes very difficult to find the error text.
One more thing to notice is that the same erroneous text can be saved by Admin user and it only gives error for Business Users. If the erroneous text is present, it should also give Malicious attack error for Admin users.
|Priority||High - Critical|
|IBM's success depends on gathering feedback from customers like yourself. Aha Ideas Portal is the third party tool through which IBM Offering Managers gather feedback from customers such as yourself.|
|IBM is a global organization with business processes, management structures, technical systems and service provider networks that cross borders. As such, the information collected through Aha Ideas Portal (Customer Name, Customer Email Address) will be stored by them in the United States, and handled only as per IBM's instructions and policies. Your data (Name and Email Address) will NOT be shared with other IBM customers.|
|In order to safeguard your information in Aha, do not leave your workstation unattended while using this application, log off after using it, and print only if necessary. If you need to make a hardcopy, remember to pick up the print-out immediately, keep it under lock, and destroy it immediately when no longer needed.|
|NOTICE TO EU RESIDENTS: per EU Data Protection Policy, if you wish to remove your personal information from the IBM ideas portal, please login to the ideas portal using your previously registered information then change your email to "email@example.com" and first name to "anonymous" and last name to "anonymous". This will ensure that IBM will not send any emails to you about all idea submissions|