Skip to main content
Contact a Moderator

Question

1
Replies
592
Views
 SHRAVAN REDDY (SHRAVANR0960) EXPRESS SCRIPTS
EXPRESS SCRIPTS
US
SHRAVANR0960 Member since 2017 1 post
EXPRESS SCRIPTS
Posted: July 13, 2018
Last activity: July 16, 2018
Posted: 13 Jul 2018 11:05 EDT
Last activity: 16 Jul 2018 14:13 EDT
Closed

XML Stream mapping mode=literal severity warning which expose system to cross site scripting attacks

In V 7.2.2 XML Stream mapping mode=literal severity warning as below.
"Using "mode=literal" can expose the system to cross site scripting attacks - use with caution".

Installed HFIX-33128 yet this didn't resolve the issue.

Thanks,

shravan

***Edited by Moderator Marissa to update SR details**

Security Support Case Exists
Moderation Team has archived post, This thread is closed to future replies. Content and links will no longer be updated. If you have the same/similar Question, please write a new Question.
Posted: 4 years ago
Posted: 16 Jul 2018 14:13 EDT
Brad Tainter (Br@dTainter_GCS) PEGA Fellow, Technical Support, Platform Service
Pegasystems Inc.
US

Hi SHRAVANR0960,

It looks like there are some post install steps for the hotfix in question.  Can you try them:

After installing, run a Revalidate and Save (https://community.pega.com/sites/default/files/help_v731/procomhelpmain.htm#tools/revalidate/aboutrevalidation.htm) on all rules of type Rule-Obj-XML.

We'd prefer it if you saw us at our best.

Pega Support Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice