Reflected Cross-Site Scripting (XSS) Vulnerabilities
An eCart created form is causing a security issue according to McAfee. Jason, I can send you the report in a private message once you reply :-)
An eCart created form is causing a security issue according to McAfee. Jason, I can send you the report in a private message once you reply :-)
yes, please send the report
thought the report, the comments say:
"comment: A significant portion of the XSS test payload appeared in the web page, but the page's DOM was not modified as
expected for a successful exploit. This result should be manually verified to determine its accuracy."
Since the DOM was not modified, this would mean there is no vulnerability detected.
what the comments mean is that they tried to perform a cross site scripting attack, a lot of the attempt is left in tact, but the crucial < and > characters needed to make the attack actually work are being converted to < and > html entities, thus negating the attack.
Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.
These out-of-the-box solutions provide you proven, tested applications that can be up and running now. Build a store, a gallery, or a web-based email solution.