Hyland Enterprise Search 11.2.2 Cross Site Scripting

The admin console's event viewer displays logged event data inside of tags. An attack string like "alert'hi'" in any place across Enterprise Search that will cause an error, like instead of a number or for the username on the login page or through the new Federated Authentication, will then be...