Posted: 12 May 2017 12:46 EDT Last activity: 16 May 2017 0:58 EDT
Cross Site scripting - issue accessing SMA
Our project uses site minder for our login . For Fixing Cross site scripting issue we have worked with our Site minder Team and updated our Site minder Policy to reflect the following
This fixed our issue of cross site scripting but after this was implemented we are not able to access the Links available inside SMA. ( Agent Management ,Logging and Tracing etc) . By Looking at the source code for the these Links
<A href="#" title="Defines operations and attributes for agent management" oncontextmenu="showMenuHandler('performDefaultOp.do?mbeanname=AgentManagement&name=com.pega.PegaRULES%3Acell%3DXXgp1_prod_cell%2Cname%3Dcom.pega.pegarules.management.AgentManagement%2Ctype%3Denterprise%2Cnode%3DXX7_XXgp1_prod_node%2Cprocess%3DAPP_pega_1%2Cid%3D%22<NODE ID>%22&mbeanVersion=1.0')
We see the Node ID is getting passed between %22 . Anyone able to by pass this issue or any other solution for accessing these links with the cross site scripting fixed?
If the suggestions don't work for the scenario and you end up creating an SR as pointed in the conversation, do let us know the SR number in a comment here so we can tag the SR number to the thread for the benefit of support professionals working on you SR.