Parallels Business Automation (PBA), Build ID 3.3.3-07.23, appears to introduce a number of issues that cause PCI compliance to fail. The issues were picked up by a PCI scan after upgrading PBAS from 3.3.3-06.48 to 3.3.3-07.23.
The release notes say the following bugs have been addressed, but they appear not to have been:
3225 (267935) PBAS PCI Compliance. Web Application Cross Site Scripting issue has been corrected in the default online store.
3634 Configure PBAS for the PCI Compliance.
That doesn’t seem to be the case.
Although not detailed in the PBA release notes, this is not the first time Parallels Business Automation/HSPC has been plagued by XSS issues.
Suggested fixes for the XSS issue can be found in this document:
But it doesn’t detail a fix for the reported SVN entries PCI issue. Simply chmod’ing the directory fixes the PCI issue, but it may not be the best fix.
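To see which Subversion metadata directories the chmod approach would have to cover, the following added example (not from the original post or from Parallels) audits a document root for `.svn` directories and restricts the ones that grant access to "other". The document root argument and the `o-rwx` mode are assumptions, since the post gives neither the store path nor the mode that was applied.

```shell
#!/bin/sh
# Added example, not part of the original post.
# Assumption: the caller passes the web document root; the post does not
# give the path of the PBA online store.

# List every .svn directory under a root. -prune stops find from
# descending into the metadata itself.
list_svn_dirs() {
    find "$1" -type d -name .svn -prune -print 2>/dev/null | sort
}

# List only the .svn directories whose mode grants "other" read or
# traverse permission (mode bits 004 or 001).
list_exposed_svn_dirs() {
    find "$1" -type d -name .svn -prune \
        \( -perm -004 -o -perm -001 \) -print 2>/dev/null | sort
}

# Apply the chmod approach the post mentions to each exposed directory.
# Assumption: mode o-rwx; the post does not say which mode was used.
restrict_svn_dirs() {
    list_exposed_svn_dirs "$1" | while IFS= read -r dir; do
        chmod o-rwx "$dir" && printf 'restricted %s\n' "$dir"
    done
}
```

Source the file, then run `list_exposed_svn_dirs /path/to/docroot` before and after `restrict_svn_dirs` to confirm nothing is left. The check looks at mode bits only, so a web server running as the owner or group of the files can still read them.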