Question

1
Replies
523
Views
Close popover
SHRAVAN REDDY (SHRAVANR0960)
EXPRESS SCRIPTS

EXPRESS SCRIPTS
US
View Profile Send Message
SHRAVANR0960 Member since 2017 1 post
EXPRESS SCRIPTS
Posted: July 13, 2018
Last activity: July 16, 2018
Closed

XML Stream mapping mode=literal severity warning which expose system to cross site scripting attacks

In V 7.2.2 XML Stream mapping mode=literal severity warning as below.
"Using "mode=literal" can expose the system to cross site scripting attacks - use with caution".

Installed HFIX-33128 yet this didn't resolve the issue.

Thanks,

shravan

***Edited by Moderator Marissa to update SR details**

Security Support Case Exists
Close popover
Moderation Team has archived post,
Close popover This thread is closed to future replies. Content and links will no longer be updated. If you have the same/similar Question, please write a new Question.
Posted: 2 years ago
Close popover
Brad Tainter (Br@dTainter_GCS)
PEGA
Client Solutions Fellow
Pegasystems Inc.
US
View Profile Send Message

Hi SHRAVANR0960,


It looks like there are some post install steps for the hotfix in question.  Can you try them:


After installing, run a Revalidate and Save (https://community1.pega.com/sites/pdn.pega.com/files/help_v731/procomhelpmain.htm#tools/revalidate/aboutrevalidation.htm) on all rules of type Rule-Obj-XML.
Share this page Share via LinkedIn Copying...
Copied!