Gustavo_Lazarte
Nimbostratus
16 years ago
Cross-Script Audit
Hello,
I have upgraded to version 10.0 and I got audited with this cross-script vulnerability. I thought I turned it off on 9.01. Do you know if I can turn off Cross-Script attacks on the...
Gustavo_Lazarte
Nimbostratus
16 years ago
We got flagged because of a Firefox XSS error.
If the user types in Firefox:
http://www.oursite.com/eShop/stores/InnisbrookA/rgs/Info/Info_Fundraising.cfm?">
in the source of that page they will get the script value:
name="form1" id="form1" action="/eShop/stores/oursiteA/rgs/Info/Info_Fundraising.cfm?%22%3E%3Cscript%3Ealert(123)%3C/script%3E" method="post" onsubmit="return _CF_checkform1(this)">
We see XSS Windows signatures but nothing for Firefox.
Any ideas? Thanks.
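
An added example, not part of the original thread: a Python check for triaging this kind of audit finding, which parses the page source and reports whether the reflected query string stays inside the `action` attribute (as in the percent-encoded source quoted above) or closes the attribute and lands in a live `<script>` element. The function name, the marker and the unencoded sample are constructed for illustration.

```python
from html.parser import HTMLParser

# Constructed samples: the first is the fragment quoted in the post with the
# stripped "<form " restored; the second is a hypothetical unencoded reflection.
ENCODED_SAMPLE = ('<form name="form1" id="form1" action="/eShop/stores/oursiteA/rgs/Info/'
                  'Info_Fundraising.cfm?%22%3E%3Cscript%3Ealert(123)%3C/script%3E" '
                  'method="post" onsubmit="return _CF_checkform1(this)">')
RAW_SAMPLE = ('<form name="form1" id="form1" action="/eShop/stores/oursiteA/rgs/Info/'
              'Info_Fundraising.cfm?"><script>alert(123)</script>" '
              'method="post" onsubmit="return _CF_checkform1(this)">')


class _ReflectionParser(HTMLParser):
    """Records where a marker string ends up after real HTML parsing."""

    def __init__(self, marker):
        super().__init__(convert_charrefs=True)
        self.marker = marker
        self.in_script = False
        self.script_hits = 0   # marker parsed as script content
        self.attr_hits = []    # (tag, attribute) where marker stayed in a value

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
        for name, value in attrs:
            if value and self.marker in value:
                self.attr_hits.append((tag, name))

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if self.in_script and self.marker in data:
            self.script_hits += 1


def classify_reflection(html, marker="alert(123)"):
    """Return 'breakout', 'contained' or 'absent' for the marker in html."""
    parser = _ReflectionParser(marker)
    parser.feed(html)
    parser.close()
    if parser.script_hits:
        return "breakout"      # attribute was closed; marker is in a <script>
    return "contained" if parser.attr_hits else "absent"
```

A `contained` result means the browser sees the probe only as attribute text; `breakout` means the application echoed the quote and angle brackets unencoded and the output encoding needs fixing at the source.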