Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2271
  • Last Modified:

How to fix - The remote web server is prone to cross-site scripting attacks

I am running a website on a Windows Server 2008. My client ran a PCI Audit and Failed.

This is the failing point:

Error:  TCP, port 80, http
Synopsis : The remote web server is prone to cross-site scripting attacks. Description : The remote host is running a web server that fails to adequately sanitize request strings of malicious JavaScript. By leveraging this issue, an attacker may be able to cause arbitrary HTML and script code to be executed in a user's browser within the security context of the affected site. See also : http://en.wikipedia.org/wiki/Cross-site_ scripting Solution: Contact the vendor for a patch or upgrade. Risk Factor: Medium  / CVSS Base Score : 4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N) CVE : CVE-2002-1060, CVE-2003-1543, CVE-2005-2453, CVE-2006-1681 BID : 5305, 7344, 7353, 8037, 14473, 17408 Other references : OSVDB:4989, OSVDB:18525, OSVDB:24469, OSVDB:42314 [More]

I have not been able to fix the issue. The website is Build with DotNetNuke 5.

Server Specs:
Windows Server 2008 Standard (32-bit)
Service Pack 1

How can i fix the problem so I can pass the PCI Audit?
0
Benjamin_
Asked:
Benjamin_
1 Solution
 
iUsernameCommented:
XSS (cross site scripting) is a web application vulnerability, and to fix this vulnerability you simply need to VALIDATE THE INPUT.
0
 
jahboiteCommented:
In order to fix this problem. you'll need to review the code for areas where the application accepts input from an untrusted source (user input, third party data...) and then displays that input back to the user.  You're looking for cases where the input is not validated and the corresponding output is not properly escaped.

I suggest the following page as an excellent jump-off point for understanding XSS and there also you'll find further references to help you understand and prevent XSS in your applications:

http://www.owasp.org/index.php/Cross_site_scripting
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now