cross-site scripting coldfusion pci compliance

Posted on 2009-02-18
Last Modified: 2012-05-06
I need to adhere to some bullshit PCI compliance. The app is written in ColdFusion. From what I've found on the web I gotta somehow check a URL param to make sure it doesn't have any HTML in it.
Please help!!
Question by:jonvanCR
    LVL 12

    Accepted Solution


    Author Comment

    Giving the scriptProtect option a try. Will let you know how it goes.
    Thanks for your quick response!!
    LVL 51

    Expert Comment

    If you're talking about PCI-DSS 1.2 (6.6), then you have to use consecutive SCA or WAF, then you're compliant (regardless of whether your code is vulnerable to XSS or not ;-)

    Anyway, if you want to be XSS-safe, then check your input and reject anything which contains < or > or " or ' or =
    If your input is fed to CSS or active scripting code (like JavaScript), more checks have to be done.
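The reject-on-bad-characters check described in the comment above, written out in ColdFusion tag syntax as an added example (this is not code from the thread or from any of the posters). It assumes a hypothetical URL parameter named `q`, a hypothetical helper named `isSafeParam`, and a CF7/CF8-era feature set (HTMLEditFormat rather than the later encodeForHTML); the Application.cfc fragment shows the scriptProtect setting the first reply mentions, which the later reply notes is not sufficient on its own.

```cfml
<!--- Application.cfc (constructed example): turn on ColdFusion's built-in
      scriptProtect filter. It rewrites a fixed list of tags such as <script>
      in form/url/cgi/cookie scopes; it is a backstop, not input validation. --->
<cfcomponent>
    <cfset this.name = "pciExample">
    <cfset this.scriptProtect = "all">
</cfcomponent>

<!--- page.cfm (constructed example): validate the URL parameter on the way in,
      reject the request if it fails, and still encode on the way out. --->
<cfparam name="url.q" default="">

<!--- Hypothetical helper: true when none of < > " ' = appears in the value.
      reFind returns 0 for "no match"; the doubled '' is a literal single quote. --->
<cffunction name="isSafeParam" returntype="boolean" output="false">
    <cfargument name="value" type="string" required="true">
    <cfreturn NOT reFind('[<>"''=]', arguments.value)>
</cffunction>

<cfif NOT isSafeParam(url.q)>
    <!--- Reject outright rather than trying to strip the bad characters;
          a 400 is easier to log and alert on than a silently "cleaned" value --->
    <cfheader statuscode="400" statustext="Bad Request">
    <cfoutput>Invalid value for parameter q.</cfoutput>
    <cfabort>
</cfif>

<!--- Output encoding is still required even after the input check, because
      the value may later be placed in a context the character list above
      does not cover (attribute values, JavaScript, CSS). --->
<cfoutput>You searched for: #HTMLEditFormat(url.q)#</cfoutput>
```

Requests such as `page.cfm?q=hello` pass through; `page.cfm?q=<b>x` or `page.cfm?q=a=b` get a 400 before any output is produced. If the value is ever echoed inside a `<script>` block or a style attribute, the comment above applies: add a context-specific check or encoder for that sink rather than relying on the five-character blacklist.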
    LVL 1

    Expert Comment

    In CF7, adding scriptprotect alone does not help with PCI "cross-site scripting" compliance.
