How do I reply/dispute this?
Service: https
Sent:
GET /webmail/<SCRIPT>alert('SAINT')</SCRIPT> HTTP/1.0
Host: domain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Connection: Keep-alive
Received:
'redirect_url': "http:\/\/webmail.domain.net\/<SCRIPT>alert('SAINT')<\/SCRIPT>"
Cross-site scripting can be fixed by modifying the application's code on the server to HTML-encode user-supplied characters which have special meaning when rendered in a browser. That is, change < to &lt;, > to &gt;, & to &amp;, and " to &quot;. Some web application programming languages contain functions for this purpose, such as htmlspecialchars() in PHP and HttpServerUtility.HtmlEncode in .NET.

Fix information for specific software products is provided below.

All other products: Retrieve an upgrade or a patch from the vendor. See the posting to Bugtraq (http://www.securityfocus.com/archive/1/194464) for information about specific types of web servers. If a fix is unavailable, then work around the problem by creating a customized error page.
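A way to triage a finding like the one above before replying to it, as an added example that is not part of the original post or of the scanner's output: it checks whether the probe string comes back unencoded, whether the response is served as HTML, and what the HTML-encoded form recommended in the remediation text looks like. The function names, the sample responses and their content types are assumptions made for illustration; the report does not state the response's Content-Type.

```python
import html

# Probe string taken from the scan report above.
PROBE = "<SCRIPT>alert('SAINT')</SCRIPT>"

def encode_for_html(value: str) -> str:
    """Encode < > & " as the remediation text describes (html.escape also encodes ')."""
    return html.escape(value, quote=True)

def classify_reflection(content_type: str, body: str, probe: str = PROBE) -> str:
    """Say how a scanner probe comes back in a response body.

    raw-in-html     : probe returned unencoded in a document served as HTML
    raw-in-non-html : probe returned unencoded, but not served as HTML
    encoded         : probe returned HTML-encoded
    absent          : probe not found
    """
    # JSON serializers often write "/" as "\/"; undo that before comparing.
    normalized = body.replace("\\/", "/")
    media_type = content_type.split(";", 1)[0].strip().lower()
    if probe in normalized:
        if media_type in ("text/html", "application/xhtml+xml"):
            return "raw-in-html"
        return "raw-in-non-html"
    if encode_for_html(probe) in normalized:
        return "encoded"
    return "absent"

# Constructed sample responses; the content types are assumptions, not from the report.
SAMPLES = [
    ("application/json",
     '{"redirect_url": "http:\\/\\/webmail.domain.net\\/'
     + "<SCRIPT>alert('SAINT')<\\/SCRIPT>" + '"}'),
    ("text/html; charset=utf-8",
     "<html><body>Not found: /webmail/" + PROBE + "</body></html>"),
    ("text/html; charset=utf-8",
     "<html><body>Not found: /webmail/" + encode_for_html(PROBE) + "</body></html>"),
]

if __name__ == "__main__":
    for ctype, body in SAMPLES:
        print(ctype, "->", classify_reflection(ctype, body))
```

A `raw-in-html` result matches what the scanner describes and calls for the encoding fix. A `raw-in-non-html` result still needs a check of how the client uses `redirect_url` and of the `X-Content-Type-Options: nosniff` header before the finding can be disputed.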