Possible cross site scripting
I'm trying to get my site PCI compliant and am working with security metrics. They scaned my site www.elvisyorkshireterrier.com and found that I wasn't in compliance because there was possible cross site scripting. Possible cross site scripting was described as being able to attact a site by adding a script at the end of an address. As an example this is an address of one of my detail pages on my site miniature_yorkie_puppy_for_sale.php?Id=10 and if one would type "><script>alert(123)<%2Fscript>" at the end of the address if there isn't cross site scripting then nothing will happen and if there is cross site scripting then a box will pop up and display 123. My detail pages are php and I use web assist extensions. This only occurs on detail pages.
Here is exactly what they said
Possible cross site scripting on pet-sup plies/dog_clothes_accessories.php Use the following commands to verify this: wp --inject "http://elvisyorkshireterrier.com/pet-su pplies/dog_clothes_accessories.php?Categor yId=6%22%3E%3Cscript%3Ealert%28123%29%3C%2 Fscript%3E" curl -L "http://elvisyorkshireterrier.com/pet-su pplies/dog_clothes_accessories.php?Categor yId=6%22%3E%3Cscript%3Ealert%28123%29%3C%2 Fscript%3E"| grep "123" This website may have other injection related vulnerabilities.
I have no idea how to correct the problem. I have another site hosted with the same hosting company and was made the same with web assist extensions and passed the scan.
Thanks
Larry