Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 Sankhadeep Banerjee (_SanB4461)
Accenture Technology Services
Architect
Accenture Technology Services
IN
_SanB4461 Member since 2015 23 posts
Accenture Technology Services
Posted: Mar 15, 2017
Last activity: Mar 15, 2017
Posted: 15 Mar 2017 5:34 EDT
Last activity: 15 Mar 2017 11:48 EDT
Closed

Cross Site Scripting

Hi - As part of a security testing , one of the vulnerability identified in our system is that they can execute JavaScript alerts from generated URL.

Example : http://XXXXXX:12345/prweb/PRWebLDAP1/Kw_0Z8mslhfshkfhuwL8Q%5B%5B*/!STANDARD/'+alert(50)+'?

Is there any way we can stop executing this alerts even if it's there in url.

I have gone through the articles in PDN related to this but i have not find any resolution/ approach to this problem.

To see attachments, please log in.
Security

Posted: 7 years ago
Posted: 15 Mar 2017 10:47 EDT
Santanu Bhattacherjee (Santanu) Senior Manager, Cloud Engineering, Management Plane Services
Pegasystems Inc.
IN

Hello

Since this is a security issue, I would recommend you to engage with Pega Global Customer Support Team by raising an SR. 

To see attachments, please log in.
Posted: 7 years ago
Posted: 15 Mar 2017 11:48 EDT
Marissa Rogers (MarissaRogers)
MOD
Principal Knowledge Management Specialist
Pegasystems Inc.
US

If you do end up opening an SR per Santanu's request, please reply here with the SR number so we may connect the SR with this post.

Thanks!

To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice