IPpay PCI Scan Action Required
If you’re using IPpay as your payment gateway in Powercode, you will have to request an exclusion for a false positive that has popped up in their scanning engine to pass the PCI scan. We have outlined below how to do this.
This will take you to your PCI Compliance Dashboard. From here, you will click on “Vulnerability Scans”.
On this page, you will see a list of your Currently Running Scans, Scheduled Scans, and Completed Scans. Click on your most recent completed PCI Compliance Scan.
This will lead you to information of the completed PCI Scan. Then, click on your domain/IP address your Powercode instance is.
You’ll be brought to a detailed list of all services tested against your Powercode instance. From here, you should search for “PsNews” on the page. Once you find it, click the plus icon to the right.
More details will expand below. Go over to the “Exception Request” tab; here is where you will contest the “PsNews index.php Multiple Parameter XSS” issue.
Here you will select “Invalid Finding” (also known as a “false positive”). The message should be along the lines of “This software is not PsNews”. Check the agreement and compliance checkbox and submit.
Once submitted, you’ll see an “Invalid Finding Pending” message.
If the PsNews issue was the only failing issue, they will update it in that same scan so you will not have to do another rescan.
If there are other issues, make sure you are on the latest version of Powercode, then do another rescan.