Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

› WebAssist Forums › eCart › eCart General / Announcements › Reflected Cross-Site Scripting (XSS) Vulnerabilities

Reflected Cross-Site Scripting (XSS) Vulnerabilities

Thread began 2/24/2015 10:16 am by Armen | Last modified 2/24/2015 10:53 am by Armen | 1439 views | 5 replies

2/24/2015 10:44 amJason ByrnesWebAssist

thought the report, the comments say:

"comment: A significant portion of the XSS test payload appeared in the web page, but the page's DOM was not modified as
expected for a successful exploit. This result should be manually verified to determine its accuracy."

Since the DOM was not modified, this would mean there is no vulnerability detected.

what the comments mean is that they tried to perform a cross site scripting attack, a lot of the attempt is left in tact, but the crucial < and > characters needed to make the attack actually work are being converted to < and > html entities, thus negating the attack.

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now. Build a store, a gallery, or a web-based email solution.