Gooner007 Member since 2010 15 posts
Tata Consultancy Services
Posted: 3 years ago
Last activity: 3 years 5 months ago
Closed

Cross Site scripting - issue accessing SMA

Our project uses SiteMinder for our login. To fix a cross-site scripting issue, we worked with our SiteMinder team and updated our SiteMinder policy to reflect the following:

badcsschars='<,',>,%22'

This fixed our cross-site scripting issue, but after this was implemented we are not able to access the links available inside SMA (Agent Management, Logging and Tracing, etc.). Looking at the source code for these links:

<A href="#" title="Defines operations and attributes for agent management" oncontextmenu="showMenuHandler('performDefaultOp.do?mbeanname=AgentManagement&name=com.pega.PegaRULES%3Acell%3DXXgp1_prod_cell%2Cname%3Dcom.pega.pegarules.management.AgentManagement%2Ctype%3Denterprise%2Cnode%3DXX7_XXgp1_prod_node%2Cprocess%3DAPP_pega_1%2Cid%3D%22<NODE ID>%22&mbeanVersion=1.0')

We see the Node ID is getting passed between %22. Is anyone able to bypass this issue, or is there any other solution for accessing these links with the cross-site scripting fixed?

Thanks in advance.

Moderation Team has archived post
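
The breakage described in the post can be found before a policy change is rolled out by checking the application's own links against the bad-character list. The following is an added example, not part of the original post and not SiteMinder or Pega code: it reports which links would be rejected and which query parameter carries the offending token. It assumes the filter matches each token literally against the raw, undecoded URL; the link strings and node id are constructed samples modelled on the href in the post.

```python
import re

# Tokens from the policy value quoted in the post: badcsschars='<,',>,%22'
BAD_TOKENS = ["<", "'", ">", "%22"]

# Constructed sample links modelled on the SMA href in the post;
# the node id is a made-up placeholder.
SAMPLE_LINKS = [
    "performDefaultOp.do?mbeanname=AgentManagement&name=com.pega.PegaRULES"
    "%3Acell%3DXXgp1_prod_cell%2Cid%3D%22NODE_ID_PLACEHOLDER%22&mbeanVersion=1.0",
    "performDefaultOp.do?mbeanname=AgentManagement&mbeanVersion=1.0",
]

def _param_at(url, query_start, offset):
    """Name of the query parameter containing offset, or None if in the path."""
    if query_start == 0 or offset < query_start:
        return None
    pos = query_start
    for pair in url[query_start:].split("&"):
        if pos <= offset < pos + len(pair):
            return pair.split("=", 1)[0]
        pos += len(pair) + 1  # skip the '&' separator
    return None

def find_blocked_tokens(url, tokens=BAD_TOKENS):
    """Return (token, offset, parameter) for every token found in the raw URL.

    Assumption: literal, case-insensitive match with no URL decoding.
    """
    query_start = url.find("?") + 1  # 0 when the URL has no query string
    hits = []
    for token in tokens:
        for m in re.finditer(re.escape(token), url, flags=re.IGNORECASE):
            hits.append((token, m.start(), _param_at(url, query_start, m.start())))
    return sorted(hits, key=lambda h: h[1])

def audit(links, tokens=BAD_TOKENS):
    """Map each link the filter would reject to the hits that cause it."""
    report = {}
    for link in links:
        hits = find_blocked_tokens(link, tokens)
        if hits:
            report[link] = hits
    return report

if __name__ == "__main__":
    for link, hits in audit(SAMPLE_LINKS).items():
        print("REJECTED:", link)
        for token, offset, param in hits:
            print(f"  token {token!r} at offset {offset} in parameter {param!r}")
```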