SR-D62949 · Issue 527502
XSS protection added
Resolved in Pega Version 8.4
The CrossScriptingFilter API has been applied to address a potential XSS issue related to stream rule parameters used in the request header.
SR-D67323 · Issue 529948
XSS filtering added for CreateMergedWordDoc
Resolved in Pega Version 8.4
XSS filtering has been added for the TemplateName parameter value in the CreateMergedWordDoc section.
SR-D48248 · Issue 517239
XSS filtering added to URLs
Resolved in Pega Version 8.4
XSS filtering has been added to prevent the injection of a script into a URL using ViewXML.
SR-D30215 · Issue 503684
XSS protection added to ClientDynamicData
Resolved in Pega Version 8.4
Cross-site scripting protection has been added to the "DesignViewIframe" and "pzHarnessID" parameters in the pzClientDynamicData HTML rule.
SR-D65917 · Issue 528109
XSS protection added to ClientDynamicData
Resolved in Pega Version 8.4
Cross-site scripting protection has been added to the "DesignViewIframe" and "pzHarnessID" parameters in the pzClientDynamicData HTML rule.
SR-C82530 · Issue 420608
Atmosphere XSS Vulnerability fixed
Resolved in Pega Version 8.2.1
Atmosphere has been updated to close a potential XSS vulnerability.
SR-D14161 · Issue 490594
XSS protection added to decryptURLString
Resolved in Pega Version 8.2.3
In order to secure against Cross-Site Scripting attacks, decryptURLString will return a blank string instead of plain text if it is not given valid encrypted text.
SR-D24497 · Issue 496467
Removed duplicated XSS filtering
Resolved in Pega Version 8.2.3
Certain special characters ("(", ")", "%", "&") in the Delegated View of Data Type rules were not displayed properly in Edit view. Investigation showed the parameter value was subject to multiple passes of cross-site scripting filtering, and the unneeded XSS filters have been removed.
SR-C79696 · Issue 417542
Atmosphere XSS Vulnerability fixed
Resolved in Pega Version 8.1.3
Atmosphere has been updated to close a potential XSS vulnerability.
SR-C82530 · Issue 420609
Atmosphere XSS Vulnerability fixed
Resolved in Pega Version 8.1.3
Atmosphere has been updated to close a potential XSS vulnerability.