The following security hotfix addresses these issues:

1255324 - Cross Site Scripting vulnerabilities have been discovered in the MGE 2010 AJAX Viewer

These files can be applied to MGE 2010 Update 1 (TBWeb Update 1) or MGE 2010 Update 1b only.

Contents:

Directory of \mapviewerjava

02/04/2010  10:05 AM     1,283 ajaxviewer.jsp
02/08/2010  02:17 PM     3,181 ajaxviewerabout.jsp
02/10/2010  03:33 PM    19,527 buffer.jsp
02/08/2010  02:21 PM     2,503 bufferui.jsp
02/08/2010  02:22 PM     2,164 colorpicker.jsp
02/08/2010  05:21 PM     8,846 common.jsp
02/04/2010  10:05 AM     1,283 dwfviewer.jsp
02/04/2010  10:05 AM     1,571 formframe.jsp
02/10/2010  12:48 PM     5,581 gettingstarted.jsp
02/04/2010  10:05 AM     1,100 index.jsp
02/04/2010  10:05 AM     1,088 init.jsp
02/12/2010  11:26 AM    19,985 legend.jsp
02/08/2010  02:29 PM     2,546 legendctrl.jsp
02/08/2010  02:30 PM     1,936 legendui.jsp
02/10/2010  02:25 PM    28,216 mainframe.jsp
02/08/2010  02:38 PM     8,081 mapframe.jsp
02/08/2010  02:39 PM    14,161 measure.jsp
02/08/2010  02:40 PM     2,515 measureui.jsp
02/10/2010  02:11 PM     3,391 printablepage.jsp
02/10/2010  03:36 PM     3,015 printablepageui.jsp
02/04/2010  10:05 AM       786 product.jsp
02/08/2010  02:56 PM     2,168 propertyctrl.jsp
02/08/2010  02:59 PM    12,218 search.jsp
02/10/2010  02:01 PM     3,201 searchprompt.jsp
02/08/2010  03:03 PM     6,520 selectwithin.jsp
02/08/2010  03:07 PM     2,319 selectwithinui.jsp
02/04/2010  10:05 AM     5,992 serveradminhelper.jsp
02/10/2010  12:54 PM     4,547 setselection.jsp
02/08/2010  03:12 PM     1,640 statusbar.jsp
02/08/2010  03:13 PM     1,638 taskbar.jsp
02/10/2010  02:26 PM     3,829 taskframe.jsp
02/08/2010  03:24 PM     1,619 tasklist.jsp
02/04/2010  10:05 AM     1,478 taskpane.jsp
02/04/2010  10:05 AM     1,267 toolbar.jsp
02/08/2010  03:25 PM     2,050 viewoptions.jsp
              35 File(s)    183,245 bytes

Directory of \mapviewernet

02/08/2010  11:37 AM       997 ajaxviewer.aspx
02/08/2010  11:37 AM     3,216 ajaxviewerabout.aspx
02/10/2010  05:40 PM    19,329 buffer.aspx
02/08/2010  11:37 AM     2,535 bufferui.aspx
02/08/2010  11:57 AM     2,161 colorpicker.aspx
02/08/2010  11:47 AM     8,740 common.aspx
02/08/2010  11:37 AM       997 dwfviewer.aspx
02/08/2010  11:37 AM     1,255 formframe.aspx
02/08/2010  11:37 AM     5,716 gettingstarted.aspx
02/12/2010  11:33 AM    18,609 legend.aspx
02/08/2010  11:37 AM     2,518 legendctrl.aspx
02/08/2010  11:37 AM     1,883 legendui.aspx
02/10/2010  02:25 PM    27,910 mainframe.aspx
02/08/2010  11:37 AM     9,010 mapframe.aspx
02/08/2010  11:37 AM    14,616 measure.aspx
02/08/2010  11:37 AM     2,773 measureui.aspx
02/10/2010  02:11 PM     3,529 printablepage.aspx
02/10/2010  12:37 PM     3,148 printablepageui.aspx
02/08/2010  11:37 AM       794 product.aspx
02/08/2010  11:37 AM     1,923 propertyctrl.aspx
02/08/2010  11:37 AM    13,208 search.aspx
02/10/2010  02:00 PM     3,355 searchprompt.aspx
02/08/2010  11:37 AM     6,581 selectwithin.aspx
02/08/2010  11:37 AM     2,406 selectwithinui.aspx
02/08/2010  11:37 AM     5,960 serveradminhelper.aspx
02/08/2010  11:37 AM     4,847 setselection.aspx
02/08/2010  11:37 AM     1,613 statusbar.aspx
02/08/2010  11:37 AM     1,611 taskbar.aspx
02/18/2010  10:52 AM     3,883 taskframe.aspx
02/08/2010  11:37 AM     1,556 tasklist.aspx
02/08/2010  11:37 AM       967 taskpane.aspx
02/08/2010  11:37 AM       966 toolbar.aspx
02/08/2010  03:29 PM     2,280 viewoptions.aspx
              33 File(s)    180,892 bytes

Directory of \mapviewerphp

02/04/2010  10:05 AM       983 ajaxviewer.php
02/10/2010  10:30 AM     2,508 ajaxviewerabout.php
02/10/2010  12:09 PM    17,288 buffer.php
02/10/2010  09:31 AM     2,138 bufferui.php
02/04/2010  10:05 AM     6,994 capturerequest.php
02/10/2010  11:12 AM     1,778 colorpicker.php
02/10/2010  12:04 PM     7,904 common.php
12/10/2009  01:05 AM    97,535 constants.php
02/04/2010  10:05 AM     3,011 createlayer.php
02/04/2010  10:05 AM     1,533 debugconsole.php
02/04/2010  10:05 AM       978 dwfviewer.php
02/04/2010  10:05 AM       820 formframe.php
02/10/2010  11:11 AM     5,329 gettingstarted.php
02/04/2010  10:05 AM     5,553 layerdefinitionfactory.php
02/12/2010  11:40 AM    16,411 legend.php
02/10/2010  10:30 AM     1,879 legendctrl.php
02/10/2010  10:30 AM     1,375 legendui.php
02/10/2010  02:24 PM    27,257 mainframe.php
02/04/2010  10:05 AM     5,701 mapagentcapture.php
02/10/2010  11:09 AM     6,811 mapframe.php
02/10/2010  12:12 PM    12,451 measure.php
02/10/2010  12:13 PM     2,111 measureui.php
02/10/2010  02:11 PM     2,795 printablepage.php
02/10/2010  12:15 PM     2,414 printablepageui.php
02/04/2010  10:05 AM       797 product.php
02/10/2010  10:30 AM     1,569 propertyctrl.php
02/10/2010  10:53 AM    11,413 search.php
02/10/2010  02:01 PM     2,608 searchprompt.php
02/10/2010  10:41 AM     6,027 selectwithin.php
02/10/2010  10:40 AM     1,804 selectwithinui.php
02/04/2010  10:05 AM     4,903 serveradminhelper.php
02/10/2010  12:19 PM     4,633 setselection.php
02/10/2010  10:30 AM     1,718 statusbar.php
02/10/2010  10:30 AM     1,685 taskbar.php
02/10/2010  02:26 PM     2,849 taskframe.php
02/10/2010  10:30 AM     1,274 tasklist.php
02/04/2010  10:05 AM     1,225 toolbar.php
02/10/2010  10:38 AM     1,538 viewoptions.php
              38 File(s)    277,600 bytes

Update instructions:

1. Shut down the MapGuide 2010 Web Server (IIS or Apache).
2. Make a backup copy of the AJAX Viewer files found in the ../www/mapviewerXXX (net/java/php) folder.
3. Copy and replace the files in the mapviewerXXX folder with those from the matching subfolder in the zip.
4. Restart the MapGuide 2010 Web Server.
5. Preview a Basic Web Layout and ensure things are working as expected.
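
A way to confirm that step 3 replaced every file before restarting the server: compare the byte counts from the Contents listing with the files now in the mapviewerXXX folder. This is an added example, not part of the hotfix; it assumes the listed sizes are those of the files in the zip, and the function names and the temporary demo folder are hypothetical. A matching size shows the file was replaced, not that its content is intact (the readme publishes no checksums).

```python
import re
import tempfile
from pathlib import Path

# Three entries copied from the \mapviewerphp listing above; paste the
# full listing for the folder being checked.
MANIFEST = """\
02/10/2010  12:04 PM     7,904 common.php
02/12/2010  11:40 AM    16,411 legend.php
02/10/2010  02:24 PM    27,257 mainframe.php
"""

# date, time, AM/PM, size with thousands separators, file name
ENTRY = re.compile(r"^\d{2}/\d{2}/\d{4}\s+\d{2}:\d{2}\s+[AP]M\s+([\d,]+)\s+(\S+)$")


def parse_manifest(text):
    """Return {lowercase file name: size in bytes} from dir-style lines."""
    sizes = {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:  # headers and "NN File(s)" totals do not match and are skipped
            sizes[m.group(2).lower()] = int(m.group(1).replace(",", ""))
    return sizes


def check_folder(folder, expected):
    """Compare a deployed viewer folder with the manifest; return problems."""
    # Names are lowercased because the web root may sit on a
    # case-insensitive file system (assumption).
    present = {p.name.lower(): p.stat().st_size
               for p in Path(folder).iterdir() if p.is_file()}
    problems = []
    for name, size in sorted(expected.items()):
        if name not in present:
            problems.append((name, "missing"))
        elif present[name] != size:
            problems.append((name, f"size {present[name]}, expected {size}"))
    return problems


def demo():
    """Constructed folder: one file replaced, one stale, one absent."""
    expected = parse_manifest(MANIFEST)
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "common.php").write_bytes(b"x" * 7904)   # hotfix copy
        (Path(tmp) / "legend.php").write_bytes(b"x" * 16000)  # not replaced
        return check_folder(tmp, expected)
```

Files in the folder that the hotfix does not ship are ignored; an empty result from `check_folder` means every listed file is present at the listed size.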