From the cross site scripting we encountered one high risk script in a product search page. This page is not behind security assist. The line in question is:
<select class="formMenufield_Medium" name="ProductCategories" id="ProductCategories" rel=""><script>alert(1);</script>"undefined title="Please enter a value.">
With a highlight on <script>alert(1);</script>
Further to that the warning given is:
When an attacker gets a user's browser to execute his/her code, the code will run within the security context (or zone) of the hosting web site. With this level of privilege, the code has the ability to read, modify and transmit any sensitive data accessible by the browser. A Cross-site Scripted user could have his/her account hijacked (cookie theft), their browser redirected to another location, or possibly shown fraudulent content delivered by the web site they are visiting. Cross-site Scripting attacks essentially compromise the trust relationship between a user and the web site. Applications utilizing browser object instances which load content from the file system may execute code under the local machine zone allowing for system compromise.
There are three types of Cross-site Scripting attacks: non-persistent, persistent and DOM-based.
Persistent attacks occur when the malicious code is submitted to a web site where it's stored for a period of time. Examples of an attacker's favorite targets often include message board posts, web mail messages, and web chat software. The unsuspecting user is not required to interact with any additional site/link (e.g. an attacker site or a malicious link sent via email), just simply view the web page containing the code.
Script Scan was done by OWSAP ZAP
Could you let me know if this script is originated by Webassist or if it was altered by the initial hack?
There are some other "medium" warnings.
Any direction or opinions on these results would be appreciated.