Posted on 2012-04-12
A security scan was recently run on our web site and it showed some cross-site scripting vulnerabilities. Mostly they are with CFID and CFTOKEN (see below for one of them). Is there a quick fix for this?
Cross-site scripting vulnerability found
Injected item: GET: CFID
Injection value: "/><iframe src=/lunder/' onLoad=alert(13318478.17087)
Detection value: 13318478.17087
This is a reflected XSS vulnerability, detected in an alert that was an immediate response to the injection.
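One way to reject values like the reported injection before any template can echo them, as an added example that is not part of the original post. It assumes the finding comes from a page writing the CFID/CFTOKEN request values back into markup, that CFID is an integer, and that CFTOKEN is numeric or a UUID-style string; the application name and the `rejectRequest` helper are hypothetical.

```cfml
<!--- Application.cfc (added example, not from the original post) --->
<cfcomponent output="false">
    <cfset this.name = "exampleApp"> <!--- hypothetical application name --->
    <cfset this.sessionManagement = true>

    <!--- Runs before every page: allow-list the session identifiers
          wherever a client can supply them (URL, form post, cookie). --->
    <cffunction name="onRequestStart" returnType="boolean" output="false">
        <cfargument name="targetPage" type="string" required="true">
        <cfset var scopes = [url, form, cookie]>
        <cfset var s = "">
        <cfloop array="#scopes#" index="s">
            <!--- Assumption: CFID is always a plain integer. --->
            <cfif structKeyExists(s, "CFID")
                  and not reFind("^[0-9]{1,20}$", s.CFID)>
                <cfset rejectRequest()>
            </cfif>
            <!--- Assumption: CFTOKEN is digits, or letters, digits and
                  dashes when UUID tokens are enabled; 100 is a generous cap. --->
            <cfif structKeyExists(s, "CFTOKEN")
                  and not reFind("^[0-9A-Za-z-]{1,100}$", s.CFTOKEN)>
                <cfset rejectRequest()>
            </cfif>
        </cfloop>
        <cfreturn true>
    </cffunction>

    <!--- Hypothetical helper: answer 400 and stop, so the malformed
          value never reaches a template that might reflect it. --->
    <cffunction name="rejectRequest" access="private" returnType="void" output="false">
        <cfheader statuscode="400" statustext="Bad Request">
        <cfabort>
    </cffunction>
</cfcomponent>
```

Input validation narrows what reaches the page but does not replace output encoding: any template that writes a request value into markup should still encode it, for example with `HTMLEditFormat()` inside a double-quoted attribute.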