NagarajP0101 Member since 2017 54 posts
ING Belgium SA NV
Posted: February 5, 2018
Last activity: October 12, 2018

XSS reflecting issues in pen test report


We recently performed a pen test on the AES server and found a couple of issues related to XSS. Please find the descriptions below.

Issue 1: Cross-site scripting (reflected)

Mitigation step: Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Issue 2: Cross-site scripting (reflected)

Mitigation step: In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses.

We scanned the results in the hotfix manager and found HFix-36540 listed as 'critical missing'. Kindly advise whether HFix-36540 will solve both of the above-mentioned issues.


Pega Autonomic Event Services DevOps SR Exists
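The two report findings above describe the same class of bug in two output contexts (HTML body and inline script), and the second mitigation text refers to the standard two-layer defence: allow-list validation of the input, then encoding on output that matches the context the value lands in. The following is an added JavaScript example, not code from the original post or from Pega AES, showing a page builder that reflects a query parameter verbatim beside one that applies both layers. The parameter name, the allow-list rule and the page markup are assumptions chosen for illustration.

```javascript
// Added example (not from the original post or from Pega AES): the two
// reflected-XSS contexts a scanner reports, and the two-layer defence the
// report's mitigation text refers to. Parameter name, allow-list and page
// markup are assumptions chosen for illustration.

// Layer 2a: output encoding for an HTML body or attribute context.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;', '/': '&#x2F;',
};
function htmlEncode(s) {
  return String(s).replace(/[&<>"'\/]/g, (c) => HTML_ESCAPES[c]);
}

// Layer 2b: embedding a value inside a <script> block. JSON.stringify gives a
// valid JS string literal; the extra replacements stop the value from closing
// the script element (</script>) and escape the two line terminators that JSON
// leaves unescaped (U+2028/U+2029), which would end the statement early.
function jsStringLiteral(s) {
  return JSON.stringify(String(s))
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

// Layer 1: allow-list input validation. Hypothetical rule: a search term of at
// most 64 word characters, spaces or hyphens.
function isValidSearchTerm(s) {
  return typeof s === 'string' && s.length <= 64 && /^[\w \-]*$/.test(s);
}

// Vulnerable: the parameter is reflected verbatim into both contexts.
function renderVulnerable(q) {
  return `<p>Results for ${q}</p>\n<script>var q = '${q}';</script>`;
}

// Encoding only: each reflection uses the encoder for its own context.
function renderEncodedOnly(q) {
  return `<p>Results for ${htmlEncode(q)}</p>\n<script>var q = ${jsStringLiteral(q)};</script>`;
}

// Both layers: reject input that fails the allow-list, then encode on output.
function renderHardened(q) {
  if (!isValidSearchTerm(q)) throw new Error('invalid search term');
  return renderEncodedOnly(q);
}

// Number of places a page closes a <script> element. The template closes
// exactly one, so any higher count means the reflected value did it.
function countScriptClosers(html) {
  return html.split('</script>').length - 1;
}

// Constructed payloads: one per context, plus a script-element breakout.
const PAYLOAD_HTML = '<img src=x onerror=alert(1)>';
const PAYLOAD_SCRIPT = "';alert(1);//";
const PAYLOAD_BREAKOUT = '</script><script>alert(1)</script>';

function demo() {
  for (const p of [PAYLOAD_HTML, PAYLOAD_SCRIPT, PAYLOAD_BREAKOUT]) {
    console.log('vulnerable closers :', countScriptClosers(renderVulnerable(p)));
    console.log('encoded-only page  :', renderEncodedOnly(p));
    try { renderHardened(p); } catch (e) { console.log('hardened rejected  :', e.message); }
  }
  console.log(renderHardened('pega-aes'));
}

if (typeof require !== 'undefined' && require.main === module) demo();
```

Two points the example makes that the report text only states: encoding alone already neutralises all three payloads, because each reflection is encoded for the context it lands in (HTML-encoding a value that is then written into a `<script>` block would not have been enough), and the script-context case still needs the `</script>` replacement on top of JSON encoding. The allow-list layer is the usability trade-off: it rejects the payloads outright, but it also rejects legitimate input such as names containing an apostrophe, which is why the report's first recommendation for the script context is to not echo the value there at all.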