Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 SHRAVAN REDDY (SHRAVANR0960)
EXPRESS SCRIPTS

EXPRESS SCRIPTS
US
SHRAVANR0960 Member since 2017 1 post
EXPRESS SCRIPTS
Posted: Jul 13, 2018
Last activity: Jul 16, 2018
Posted: 13 Jul 2018 11:05 EDT
Last activity: 16 Jul 2018 14:13 EDT
Closed

XML Stream mapping mode=literal severity warning which expose system to cross site scripting attacks

In V 7.2.2 XML Stream mapping mode=literal severity warning as below.
"Using "mode=literal" can expose the system to cross site scripting attacks - use with caution".

Installed HFIX-33128 yet this didn't resolve the issue.

Thanks,

shravan

***Edited by Moderator Marissa to update SR details**

To see attachments, please log in.
Security
Support Case Exists

Posted: 6 years ago
Posted: 16 Jul 2018 14:13 EDT
Brad Tainter (Br@dTainter_GCS)
PEGA
Fellow, Technical Support, Platform Service
Pegasystems Inc.
US

Hi SHRAVANR0960,

It looks like there are some post install steps for the hotfix in question.  Can you try them:

After installing, run a Revalidate and Save (https://community.pega.com/sites/default/files/help_v731/procomhelpmain.htm#tools/revalidate/aboutrevalidation.htm) on all rules of type Rule-Obj-XML.

To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice