Web Application Cross Site Scripting
Changed login.php form action to
"<form action="<?php echo $_SERVER["PHP_SELF"]; ?><?php echo (isset($_SERVER["QUERY_STRING"]) && $_SERVER["QUERY_STRING"] != "")?"?".str_replace("<","&lt;",str_replace(">","&gt;",str_replace('"',"&quot;",$_SERVER["QUERY_STRING"]))):""; ?>" method="post" name="WAATKLogInForm" id="WAATKLogInForm">"
McAfee says this page has the vulnerability.
Vulnerability Detail
Vulnerability Web Application Cross Site Scripting
Port 443/tcp
Scan Date 06-SEP-2011 23:36
Protocol https Port 443 Read Timeout 10000 Method POST
Path /shop/adm3/login.php
Headers Referer=https%3A%2F%2Fwww.domain.com%2Fshop%2Fadm3%2Flogin.php
Content-Type=application%2Fx-www-form-urlencoded
Body username=>"></title></iframe></script></form></td></tr><br><iFraMe src
userpassword=0
remembermeoption=1
autologinoption=1
LogIn.x=0
LogIn.y=0
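
The scan above sends its markup in the POST body field username, while the change to login.php only filters the query string in the form action. The following is an added example, not code from the original post or from the application: it escapes every request-derived value at output, on the assumption (not confirmed by the post) that login.php writes the submitted username back into the form. The helper names attr, form_action and render_login_form are hypothetical.

```php
<?php
// Added example, not the poster's code. Assumes login.php re-displays the
// submitted username in the form after a failed login (hypothetical).

/** Escape a value for use inside a single- or double-quoted HTML attribute. */
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Build the form action from script name and query string, escaped once. */
function form_action(array $server): string
{
    // SCRIPT_NAME excludes trailing path info, which PHP_SELF includes.
    $action = $server['SCRIPT_NAME'] ?? '';
    $query  = $server['QUERY_STRING'] ?? '';
    if ($query !== '') {
        $action .= '?' . $query;
    }
    return attr($action);
}

/** Render the login form; every request-derived value goes through attr(). */
function render_login_form(array $server, array $post): string
{
    // Reject non-string input such as username[]=... before escaping.
    $username = is_string($post['username'] ?? null) ? $post['username'] : '';
    return '<form action="' . form_action($server) . '" method="post"'
         . ' name="WAATKLogInForm" id="WAATKLogInForm">' . "\n"
         . '  <input type="text" name="username" value="' . attr($username) . '">' . "\n"
         . '  <input type="password" name="userpassword">' . "\n"
         . '</form>' . "\n";
}

// Constructed sample request: markup characters in the query string and body.
$server = ['SCRIPT_NAME' => '/shop/adm3/login.php', 'QUERY_STRING' => 'next="><b>'];
$post   = ['username' => 'x"><i>test</i>'];
echo render_login_form($server, $post);
```

In the page itself the call would be render_login_form($_SERVER, $_POST). The password field is never echoed back.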