Support Article
Cross-Site Scripting issue on Summary view
SA-53488
Summary
A Cross-Site Scripting (XSS) vulnerability is detected in the Full Description field of the Summary view.
Error Messages
Not Applicable
Steps to Reproduce
- Create a Summary view.
- Add any HTML or JavaScript code in the Full Description field in the History tab.
- Execute the rule. The HTML or JavaScript is executed.
Root Cause
This behavior is by design in the Pega product.
Resolution
The Full Description field accepts HTML code, which is used to format the List view or Summary view header.
Published August 24, 2018 - Updated October 8, 2020