Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 Balakrishna G (BKrishna)
Thryve Digital

Thryve Digital
IN
BKrishna Member since 2018 30 posts
Thryve Digital
Posted: Jul 18, 2020
Last activity: Jul 18, 2020
Posted: 18 Jul 2020 23:04 EDT
Last activity: 18 Jul 2020 23:07 EDT
Closed

How to fix Cross Site Scripting(XSS) security issue in URL?

Please find attached word document which contains screenshots. 

Step 1: Access the URL and inject the xss payload in URL.

https://preprod-myXX.XXXXX.in/prweb/sso1/ex7EeZQhwqVsPcJXG37rCQ%5B%5B*/!STANDARD?IsLogin=true&SelTab=ExistingUser&pzPostData=-271446842

Step 2: Injecting javascript code in the url.

Result: javascript code is seen resulting in a pop up showing xss vulnerability

Thanks,

To see attachments, please log in.
Pega Platform 7.3.1
Low-Code App Development
System Administration
Senior System Architect

Related content:

Related content has not currently been identified for this post.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice