If you’re using IPpay as your payment gateway in Powercode, you will have to request an exclusion for a false positive that has popped up in their scanning engine to pass the PCI scan.  We have outlined below how to do this.

Log Into Max PCI

This will take you to your PCI Compliance Dashboard. From here, you will click on “Vulnerability Scans”.

Select Failed Vulnerability Scans

On this page, you will see a list of your Currently Running Scans, Scheduled Scans, and Completed Scans. Click on your most recent completed PCI Compliance Scan.

Select Most Recent Failed Scan

This will lead you to information of the completed PCI Scan. Then, click on your domain/IP address your Powercode instance is.

Select Your Powercode Domain/IP

You’ll be brought to a detailed list of all services tested against your Powercode instance. From here, you should search for “PsNews” on the page. Once you find it, click the plus icon to the right.

More details will expand below. Go over to the “Exception Request” tab; here is where you will contest the “PsNews index.php Multiple Parameter XSS” issue.

Search For PsNews on the Page And Click The Plus Button
Click the Exception Request Tab

Here you will select “Invalid Finding” (also known as a “false positive”). The message should be along the lines of “This software is not PsNews”. Check the agreement and compliance checkbox and submit.

Once submitted, you’ll see an “Invalid Finding Pending” message.

Select Invalid Finding, State It Is Not PsNews Software, Check The Agreement, And Submit
If Successful, You Should See An Invalid Finding Pending Page

If the PsNews issue was the only failing issue, they will update it in that same scan so you will not have to do another rescan.

If there are other issues, make sure you are on the latest version of Powercode, then do another rescan.