SR-D3947 · Issue 457300
XSS security added to GET Request Work-DeleteAttachment activity
Resolved in Pega Version 8.2.2
Security has been improved against a potential XSS vulnerability on the GET Request Work-DeleteAttachment activity.
SR-B10697 · Issue 282917
XSS handling added for pyCategory in Rule-Obj-Listview.ListViewHeader
Resolved in Pega Version 7.3
Cross-site scripting handling has been added for the pyCategory parameter in ListViewHeader to improve security.
SR-B10697 · Issue 280753
XSS handling added for pyCategory in Rule-Obj-Listview.ListViewHeader
Resolved in Pega Version 7.3
Cross-site scripting handling has been added for the pyCategory parameter in ListViewHeader to improve security.
SR-116989 · Issue 170784
XSS alert resolved for integer type property in Edit Data Table
Resolved in Pega Version 7.1.7
The presence of an integer type property in Edit Data Table was generating an XSS alert. This was caused by changes in the html- getMessagesAll that rendered the property value directly, and it has been updated to use an XSS-safe API.
SR-D52785 · Issue 518410
XSS protection added to layout runtime java and whitelist validation available for host/XFHost
Resolved in Pega Version 8.4
To protect against XSS issues, filtering has been added to the RepeatDynamicIndex parameter value in the layout runtime Java. In addition, a validation for the X-Forward-Host value has been added which will be read from a local configuration. This takes the form of a whitelist regex filter for the host/XFHost header to ensure the URL's actions cannot be redirected.
SR-D55449 · Issue 523503
XSS protection added to layout runtime java and whitelist validation available for host/XFHost
Resolved in Pega Version 8.4
To protect against XSS issues, filtering has been added to the RepeatDynamicIndex parameter value in the layout runtime Java. In addition, a validation for the X-Forward-Host value has been added which will be read from a local configuration. This takes the form of a whitelist regex filter for the host/XFHost header to ensure the URL's actions cannot be redirected.
SR-D52785 · Issue 518651
XSS protection added to layout runtime java and whitelist validation available for host/XFHost
Resolved in Pega Version 8.4
To protect against XSS issues, filtering has been added to the RepeatDynamicIndex parameter value in the layout runtime Java. In addition, a validation for the X-Forward-Host value has been added which will be read from a local configuration. This takes the form of a whitelist regex filter for the host/XFHost header to ensure the URL's actions cannot be redirected.
SR-129461 · Issue 196393
Security enhanced for RunActionWrapper
Resolved in Pega Version 7.1.8
A potential XSS vulnerability was detected and resolved in the RunActionWrapper.
INC-168914 · Issue 659658
Updates added against Cross-site Scripting
Resolved in Pega Version 8.4.5
Cross-site Scripting (XSS) protections have been updated for the UI.
INC-168914 · Issue 659660
Updates added against Cross-site Scripting
Resolved in Pega Version 8.6.1
Cross-site Scripting (XSS) protections have been updated for the UI.