PCI scan shows unknown vulnerabilities

Basit Submit Module Cross Site Scripting Vulnerability

DCP-Portal Cross Site Scripting Bugs, CVE-2004-2511 CVE-2003-1536 CVE-2004-2512

These two vulnerabilities have been identified in the scan done against our website by a 3rd party reviewer. I’m unable to resolve these issues. Can anyone shed some light on these and how to resolve them?


Solution 1

As previously mentioned in the comments on the question, it will be best to look at the HTTP headers.

I have included an answer to a previous question, which can be used to address these issues.

https://stackoverflow.com/a/10369475/4962088

https://geekflare.com/http-header-implementation/

It is also worth looking at validation when creating a website/web application, which can be seen using the link below.

https://stackoverflow.com/a/1996141/4962088
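
Both recommendations from the answer above, as an added example that is not part of the original post or the linked answers: a check of a response's headers for an XSS-relevant baseline, and output encoding of a reflected request parameter. The header set, the policy values, the function names and the sample responses are assumptions chosen for illustration.

```python
import html

# Baseline response headers that limit the impact of reflected XSS.
# The accepted values are assumptions; tune them to the application.
REQUIRED_HEADERS = {
    "content-security-policy": lambda v: "default-src" in v or "script-src" in v,
    "x-content-type-options": lambda v: v.strip().lower() == "nosniff",
    "x-frame-options": lambda v: v.strip().upper() in ("DENY", "SAMEORIGIN"),
}


def audit_headers(headers):
    """Return a sorted list of findings for missing or weak headers."""
    seen = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    findings = []
    for name, is_ok in REQUIRED_HEADERS.items():
        if name not in seen:
            findings.append(f"missing: {name}")
        elif not is_ok(seen[name]):
            findings.append(f"weak: {name}={seen[name]!r}")
    ctype = seen.get("content-type", "")
    if ctype.startswith("text/html") and "charset=" not in ctype.lower():
        findings.append("weak: content-type has no charset")
    return sorted(findings)


def render_search_page(query):
    """Reflect a request parameter into HTML with output encoding applied."""
    safe = html.escape(query, quote=True)  # encodes < > & " and '
    return f'<p>Results for <input name="q" value="{safe}"></p>'


# Constructed sample responses (not taken from the scanned site).
BEFORE = {"Content-Type": "text/html", "Server": "example"}
AFTER = {
    "Content-Type": "text/html; charset=utf-8",
    "Content-Security-Policy": "default-src 'self'",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
}

if __name__ == "__main__":
    print(audit_headers(BEFORE))
    print(audit_headers(AFTER))
    # Typical scanner probe string, rendered inert by the encoding.
    print(render_search_page('"><script>alert(1)</script>'))
```
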


All methods were sourced from stackoverflow.com or stackexchange.com and are licensed under CC BY-SA 2.5, CC BY-SA 3.0 and CC BY-SA 4.0.
