SR-B89114 · Issue 339165
XSS filtering added to ImportSpecExcel
Resolved in Pega Version 7.4
The control 'pzImportSpecExcel' has been modified to secure the property pyImportFileName with XSS filtering.
SR-B95798 · Issue 344526
XSS filtering added to GetTour
Resolved in Pega Version 7.4
Cross-site scripting filtering has been added to pxGetTour Java step 7, which prepares JSON.
SR-C1787 · Issue 346038
XSS filtering added for insHandle
Resolved in Pega Version 7.4
XSS filtering has been added for the inshandle parameter in the downloadFile activity.
SR-C44297 · Issue 397534
XSS filtering added to RTE control
Resolved in Pega Version 8.2
The system has been updated to close a vulnerability with RTE where an authenticated application user could potentially inject an XSS payload into the Case Notes section for later execution.
SR-C65032 · Issue 407952
XSS filtering added to RTE control
Resolved in Pega Version 8.2
The system has been updated to close a vulnerability with RTE where an authenticated application user could potentially inject an XSS payload into the Case Notes section for later execution.
SR-D28060 · Issue 498751
XSS filtering added to App Studio
Resolved in Pega Version 8.4
The pzDisplaySpaceFeedTitle control which is used to display the audit feed in Pega App Studio has been updated with XSS filtering.
SR-D23036 · Issue 500574
XSS protection added to paragraph rules
Resolved in Pega Version 8.4
XSS filtering has been added for property references in paragraph rules.
SR-D26244 · Issue 501193
Label control XSS protection added
Resolved in Pega Version 8.4
XSS protection has been added to the label control.
SR-D42701 · Issue 510923
XSS security added for Case Manager
Resolved in Pega Version 8.4
XSS security has been added to the Document features in the Case Manager portal.
SR-D50116 · Issue 518002
XSS filtering added for MobileSnapStart URL
Resolved in Pega Version 8.4
XSS filtering has been added for windowTitle in the MobileSnapStart URL.