SR-A102969 · Issue 273954
XSS security update for error.jsp
Resolved in Pega Version 7.3
The error.jsp file has been updated for better XSS security with WebSphere and Firefox.
SR-B11243 · Issue 284444
XSS handling added for ShowSelectedPortal in RedirectRun
Resolved in Pega Version 7.3
XSS handling has been added to the RedirectRun activity using location parameter and ShowSelectedPortal to improve security.
SR-B11243 · Issue 288261
XSS handling added for ShowSelectedPortal in RedirectRun
Resolved in Pega Version 7.3
XSS handling has been added to the RedirectRun activity using location parameter and ShowSelectedPortal to improve security.
SR-B17270 · Issue 288020
XSS filtering added to Autocomplete highlighting
Resolved in Pega Version 7.3
XSS filtering has been added to Autocomplete highlighting for better security.
SR-B6669 · Issue 279329
XSS filters added to UI rulesets
Resolved in Pega Version 7.3
XSS filters have been added to pyCaseActionArea and pyAssignmentsLabel in Pega-EndUserUI and UIKit rulesets.
SR-B49305 · Issue 307379
XSS filtering added to Chart Title
Resolved in Pega Version 7.3.1
XSS security filtering has been added to the Chart Title in the Chart Editor.
SR-B52024 · Issue 308435
XSS filtering added to Chart Title
Resolved in Pega Version 7.3.1
XSS security filtering has been added to the Chart Title in the Chart Editor.
SR-B66204 · Issue 316885
XSS sanitizing added to clientID field
Resolved in Pega Version 7.3.1
When a ServiceRequest is constructed in the engine, the clientID field will be sanitized with the StringUtils.crossScriptFiltering API to avoid XSS attacks.
SR-C47022 · Issue 388398
XSS protection added to TopHarness query string
Resolved in Pega Version 8.1
When the topHarness query string parameter was provided with a request to Pega, its contents were written to the HTML stream without being HTML-encoded, creating a Cross-Site Scripting vulnerability. To improve security, the “topHarness” value will be encoded using the com.pega.pegarules.pub.util.StringUtils.crossScriptingFilter API in pzClientDynamicData.
SR-C9139 · Issue 352594
XSS filtering added to searched filter values
Resolved in Pega Version 8.1
ListViewHeader has been updated to apply XSS filtering to searched filter values.