Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

› WebAssist Forums › eCart › eCart General / Announcements › Cross Site Scripting issues

Cross Site Scripting issues

Thread began 7/30/2010 2:46 pm by webassist2366041 | Last modified 8/05/2010 8:36 am by webassist2366041 | 4801 views | 12 replies

8/02/2010 11:14 amRay BorduinWebAssist

Cross site scripting security holes open when you display a value from a form directly without encoding characters... particularly "<" and ">", which could be used by a cross site scripting hack to run javascript or other code.

Of the two pages you sent... one is corrupt and I can't read it, and the other is the form itself. The cross site scripting vulnerability would actually be exposed and fixed on the action page of that form. The form itself looks fine, cross site scripting is about what you do with the results of the form, not problems with the form itself.

Did this help? Tips are appreciated...

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now. Build a store, a gallery, or a web-based email solution.