Arbitrary code can be executed in the login.fcc page if the user uses the Internet Explorer browser.

Document ID : KB000092573
Last Modified Date : 20/04/2018
Issue:
We're running Web Agent, and when the protected resource has a "
character in the query part of the URL, arbitrary code can be
executed in the login.fcc page if the user uses the Internet Explorer
browser. This issue cannot be reproduced with other browsers.

This seems to be an issue in IE: 

https://www.pcworld.com/article/248408/ie_uri_encoding_behavior_facilitates_xss_attacks_researchers_say.html

How can we solve it?
Resolution:
In the Web Agent ACO, set the following parameter:

  fcchtmlencoding to yes

to solve this vulnerability introduced by the Internet Explorer
behavior.
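
The following is an added illustration, not CA's login.fcc or Web Agent code. It shows why a raw " in the query breaks out of a reflected form field and why HTML-encoding the value prevents that. The hidden-field template, the function names and the sample query are assumptions, as is the premise that the page reflects the requested URL exactly as the browser sent it.

```javascript
// Added illustration; the template and helper names are hypothetical.

// Model of the browser difference described above: one browser sends the
// double quote raw in the query, the others send it as %22.
function requestTarget(path, query, browserEncodesQuote) {
  const q = browserEncodesQuote ? query.replace(/"/g, '%22') : query;
  return path + '?' + q;
}

// Encode the characters that are significant inside HTML markup.
function htmlEncode(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Assumed template: the requested URL is reflected into a hidden form field.
function renderLoginField(target, encode) {
  const value = encode ? htmlEncode(target) : target;
  return '<input type="hidden" name="target" value="' + value + '">';
}

// Minimal attribute scanner: the attribute names present in a single tag.
function attributeNames(tag) {
  const inner = tag.replace(/^<\w+/, '').replace(/>$/, '');
  const re = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'>]+))?/g;
  const names = [];
  let m;
  while ((m = re.exec(inner)) !== null) names.push(m[1].toLowerCase());
  return names;
}

// Attributes that the template never intended to emit.
function injectedAttributes(tag) {
  const expected = ['type', 'name', 'value'];
  return attributeNames(tag).filter((n) => !expected.includes(n));
}

// Constructed sample query containing a double quote.
const sampleQuery = 'q=a"injected=1';
for (const [label, encodesQuote] of [['raw quote', false], ['%22', true]]) {
  const target = requestTarget('/app/page', sampleQuery, encodesQuote);
  for (const encode of [false, true]) {
    const tag = renderLoginField(target, encode);
    console.log(label, 'encode=' + encode, tag, injectedAttributes(tag));
  }
}
```

Only the combination of a raw quote and no output encoding yields an attribute outside the template, which matches the report that the problem appears with one browser and disappears once encoding is enabled.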