What version of Midtier are you talking about? Please provide the environment details. I have recently worked with BMC support and got it fixed on my 9.1 environment.
Also look at the following document, it will help you to enable the security filters.
That is related to XSS but a different issue.
The XSS that we have encountered affects all Remedy Web versions.
Steps to reproduce:
1. Log in to Remedy Web using Firefox.
2. Open a new adjacent tab in the same browser session and copy the URL below (you could change the form-name 'HPD:HelpDesk' to any existing form on your server).
It executes the script.
Apply the following parameter in Midtier's config.properties, restart Tomcat, and verify the issue.
change this to
The flag is already in place.
We perform security testing every 6 months and are mostly up to date with all security parameter settings.