Cross Site Scripting issues
I created forms for the upload of files and for the processing of credit cards. They have been in place since last year and have not been changed except for text changes.
Our site has passed security compliance scans by SecurityMetrics.com during that time until this week when it failed.
SecurityMetrics techs said that there was cross site scripting problems on on pages, such as this one:
manuscript_submission.html. He said to make sure that our host was sanitizing all user input for html code. Characters : < > / \ ? = ' and "
I sent that information to our host. Their tech support said that it was a problem that must be solved by the web designer -- i.e., me -- and that they didn't support third-party programs.
Our merchant account is in jeopardy because we are now non-compliant and fees have begun to accrue.
I even removed that page to see if it would pass (which it didn't), but there are other pages that have the same problem. I will put it back up after I finish this message so that you can see it.
I don't know if the following is related or it's a different problem. When opening a page, I got this error:
Both of these might have absolutely nothing to do with the non-compliance issue.
As soon as I send this message to you, I'll put the page mentioned above back online so that you can see it.
Please help us.