cross-site scripting coldfusion pci compliance

Posted on 2009-02-18
Medium Priority
Last Modified: 2012-05-06
I need to adhere to some bullshit PCI compliance. The app is written in ColdFusion. From what I've found on the web, I gotta somehow check a URL param to make sure it doesn't have any HTML in it.
Please help!!
Question by:jonvanCR
LVL 12

Accepted Solution

jahboite earned 2000 total points
ID: 23669183

Author Comment

ID: 23676482
Giving the scriptProtect option a try. Will let you know how it goes.
Thanks for your quick response!!
LVL 51

Expert Comment

ID: 23678587
If you're talking about PCI DSS 1.2 (6.6), then you have to use consecutive SCA or a WAF; then you're compliant (regardless of whether your code is vulnerable to XSS or not ;-)

Anyway, if you want to be XSS-safe, then check your input and reject anything that contains < or > or " or ' or =.
If your input is fed to CSS or active scripting code (like JavaScript), more checks have to be done.

Expert Comment

ID: 26563882
In CF7, adding scriptprotect alone does not help with PCI "cross-site scripting" compliance.
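
Putting the advice in this thread together in CFML, as an added example that is not code from the thread or from any of the posters: an Application.cfc that enables scriptProtect (the option tried above, which the last comment notes is not enough on its own), and a hypothetical search.cfm that applies the reject-list check from the earlier comment (< > " ' =) to a URL parameter and then encodes it on output, including the JavaScript context that comment says needs extra care. The application name pciDemo, the page name search.cfm and the parameter q are assumptions made for the example.

```cfml
<!--- Application.cfc (ColdFusion 7 and later) --->
<cfcomponent output="false">
    <cfset this.name = "pciDemo"> <!--- assumed application name --->

    <!--- scriptProtect="all" rewrites the tags matched by the server's
          cross-site scripting pattern (by default <object, <embed,
          <script, <applet and <meta) to "InvalidTag" in the url, form,
          cgi and cookie scopes. It is a short blocklist, not a full XSS
          defence: an event handler such as onmouseover, or a quote that
          breaks out of an attribute, passes straight through. --->
    <cfset this.scriptProtect = "all">
</cfcomponent>

<!--- search.cfm: hypothetical page that reads one URL parameter --->
<cfparam name="url.q" default="" type="string">

<!--- 1. Input check from the comment above: refuse the request outright
      if the parameter contains any of  < > " ' =  . This runs before
      anything else so a rejected value is never stored or displayed. --->
<cfif reFind("[<>""'=]", url.q)>
    <cfheader statuscode="400" statustext="Bad Request">
    <cfoutput><p>The "q" parameter contains characters that are not allowed.</p></cfoutput>
    <cfabort>
</cfif>

<!--- 2. Encode on output anyway, so the page stays safe if the check is
      ever bypassed or relaxed. HTMLEditFormat (CF7/CF8) escapes & < > "
      but not the single quote, so attribute values must be double-quoted;
      on CF10 and later prefer EncodeForHTML / EncodeForHTMLAttribute. --->
<cfoutput>
<p>Results for: #HTMLEditFormat(url.q)#</p>
<input type="text" name="q" value="#HTMLEditFormat(url.q)#">
</cfoutput>

<!--- 3. JavaScript context, the case the comment says needs more checks.
      JSStringFormat escapes quotes, backslashes and newlines but not <,
      so this only holds up because step 1 already rejected < (otherwise
      </script> inside the value would terminate the block).
      On CF10 and later use EncodeForJavaScript instead. --->
<cfoutput>
<script type="text/javascript">
    var lastQuery = "#JSStringFormat(url.q)#";
</script>
</cfoutput>
```

With this in place, search.cfm?q=foo%3Cb%3E is answered with a 400 by the check in step 1, while search.cfm?q=foo+bar renders the value HTML-encoded in the paragraph and the input, and JavaScript-escaped in the script block. scriptProtect still runs first on every request, but the explicit check and the output encoding are what actually address the XSS finding.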
