[ic] PCI scan suddenly failing?
DB
db at m-and-d.com
Thu Jun 27 19:01:38 UTC 2013
> Hi - today I'm seeing a number of problems with a PCI compliance scan
> which previously had not been an issue. They're all similar to:
>
> ---------------------
> A reflected cross-site scripting vulnerability was identified in this
> web application. Reflected cross-site scripting is when HTML or
> Javascript content is supplied to a user defined parameter to have it
> then displayed (aka: reflected) back to the user and rendered or
> interpreted by their browser.
>
>
> Paramter: id
> Request: GET /index.html?id=%3Cscript%3Ealert('TK00000008')%3C/script%3E
> HTTP/1.1
>
> Accept: */*
> ---------------------
>
> Even my index.html page now has such an error, so I'd think many other
> IC users would see the same thing. Does anyone have any idea what the
> scanner is complaining about, or how to correct it?
>
> DB
>
>>>>>>>>>>>>>>>
> What version of IC are you using?
>
> -Steve
I'm running 5.6.3 and I also just sent to the list more specific details
about the request and response that caused the issue. I've not made any
changes to my site's operation, so I think this must be something new
that my PCI service is scanning for.
DB