Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

1
Replies
608
Views
 SHRAVAN REDDY (SHRAVANR0960) EXPRESS SCRIPTS
EXPRESS SCRIPTS
US
SHRAVANR0960 Member since 2017 1 post
EXPRESS SCRIPTS
Posted: July 13, 2018
Last activity: July 16, 2018
Posted: 13 Jul 2018 11:05 EDT
Last activity: 16 Jul 2018 14:13 EDT
Closed

XML Stream mapping mode=literal severity warning which expose system to cross site scripting attacks

Report

In V 7.2.2 XML Stream mapping mode=literal severity warning as below.
"Using "mode=literal" can expose the system to cross site scripting attacks - use with caution".

Installed HFIX-33128 yet this didn't resolve the issue.

Thanks,

shravan

***Edited by Moderator Marissa to update SR details**

Security Support Case Exists
Posted: 4 years ago
Posted: 16 Jul 2018 14:13 EDT
Brad Tainter ([email protected]_GCS) PEGA Fellow, Technical Support, Platform Service
Pegasystems Inc.
US
Report

Hi SHRAVANR0960,

It looks like there are some post install steps for the hotfix in question.  Can you try them:

After installing, run a Revalidate and Save (https://community.pega.com/sites/default/files/help_v731/procomhelpmain.htm#tools/revalidate/aboutrevalidation.htm) on all rules of type Rule-Obj-XML.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice