[ic] PCI scan suddenly failing?

DB db at m-and-d.com
Thu Jun 27 18:28:43 UTC 2013


Hi - today I'm seeing a number of problems with a PCI compliance scan
which previously had not been an issue. They're all similar to:

---------------------
A reflected cross-site scripting vulnerability was identified in this
web application. Reflected cross-site scripting is when HTML or
Javascript content is supplied to a user defined parameter to have it
then displayed (aka: reflected) back to the user and rendered or
interpreted by their browser.


Paramter: id
Request: GET /index.html?id=%3Cscript%3Ealert('TK00000008')%3C/script%3E
HTTP/1.1

Accept: */*
---------------------

Even my index.html page now has such an error, so I'd think many other
IC users would see the same thing. Does anyone have any idea what the
scanner is complaining about, or how to correct it?

DB



More information about the interchange-users mailing list