Nagaraj Ponnurangam (NagarajP0101)
ING Belgium SA NV

ING Belgium SA NV
NagarajP0101 Member since 2017 54 posts
ING Belgium SA NV
Posted: February 5, 2018
Last activity: October 12, 2018
Posted: 5 Feb 2018 5:00 EST
Last activity: 12 Oct 2018 14:41 EDT

XSS reflecting issues in pen test report


We recently performed pen test in AES server and found couple of issues related to XSS . Please find below descriptions for the same.

Issue1: Cross-site scripting (reflected)

Mitigation step : Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Issue2 : Cross-site scripting (reflected)

Mitigation step : In most situations where user-controllable data is copied into application responses, cross-site scripting
attacks can be prevented using two layers of defenses.

We scanned the results in hotfix manager and found HFix-36540 was 'critical missing' . Kindy advise if HFix-36540 will solve both of the above mentioned issues.

***Edited by Moderator Marissa to update platform capability tags****

Pega Autonomic Event Services DevOps Support Case Exists
Moderation Team has archived post, This thread is closed to future replies. Content and links will no longer be updated. If you have the same/similar Question, please write a new Question.