Skip to main content

This content has been archived and is no longer being updated. Links may not function; however, this content may be relevant to outdated versions of the product.

Support Article

Cross-Site Scripting issue on Summary view

SA-53488

Summary



Cross-Site Scripting (XSS) vulnerability detected in the Full Description field in the Summary view.


Error Messages



Not Applicable


Steps to Reproduce

  1. Create a Summary view.
  2. Add any HTML or JavaScript code in the Full Description field in the History tab.
  3. Execute the rule. HTML or JavaScript is executed.


Root Cause



This behavior is as per Pega product design.


Resolution



The Full Description field is open to write HTML code to format the List view or Summary view header.

Tags:

Pega Platform 6.3 SP1 Pega Platform Platform Security

Published August 24, 2018 - Updated October 8, 2020

Was this useful?

0% found this useful

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.

Visit the Collaboration Center

Did you find this content helpful?

Yes
No

Want to help us improve this content?
Suggest an edit

We'd prefer it if you saw us at our best.

Pega Community has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice
Contact us