View Menu

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

Possible cross site scripting

Thread began 11/17/2009 4:31 pm by larry268887 | Last modified 2/03/2014 11:15 am by larry268887 | 2756 views | 4 replies


Possible cross site scripting

I'm trying to get my site PCI compliant and am working with security metrics. They scaned my site and found that I wasn't in compliance because there was possible cross site scripting. Possible cross site scripting was described as being able to attact a site by adding a script at the end of an address. As an example this is an address of one of my detail pages on my site miniature_yorkie_puppy_for_sale.php?Id=10 and if one would type "><script>alert(123)<%2Fscript>" at the end of the address if there isn't cross site scripting then nothing will happen and if there is cross site scripting then a box will pop up and display 123. My detail pages are php and I use web assist extensions. This only occurs on detail pages.

Here is exactly what they said

Possible cross site scripting on pet-sup plies/dog_clothes_accessories.php Use the following commands to verify this: wp --inject " pplies/dog_clothes_accessories.php?Categor yId=6%22%3E%3Cscript%3Ealert%28123%29%3C%2 Fscript%3E" curl -L " pplies/dog_clothes_accessories.php?Categor yId=6%22%3E%3Cscript%3Ealert%28123%29%3C%2 Fscript%3E"| grep "123" This website may have other injection related vulnerabilities.

I have no idea how to correct the problem. I have another site hosted with the same hosting company and was made the same with web assist extensions and passed the scan.


Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now.  Build a store, a gallery, or a web-based email solution.

Want your website pre-built and hosted?

Close Windowclose

Rate your experience or provide feedback on this page

Account or customer service questions?
Please user our contact form.

Need technical support?
Please visit support to ask a question





Ease of use


security code refresh image

We do not respond to comments submitted from this page directly, but we do read and analyze any feedback and will use it to help make your experience better in the future.

Close Windowclose

We were unable to retrieve the attached file

Close Windowclose

Attach and remove files

add attachmentAdd attachment
Close Windowclose

Enter the URL you would like to link to in your post

Close Windowclose

This is how you use right click RTF editing

Enable right click RTF editing option allows you to add html markup into your tutorial such as images, bulleted lists, files and more...

-- click to close --

Uploading file...