Cross-site scripting issue for PCI compliance

Tags:
PCI compliance
PCI DSS
For one of our client's websites, they're trying to pass a PCI compliance test, but the testing company notified us of a vulnerability that we can't figure out. Here's what they told us:
The issue here is a cross-site scripting vulnerability that is commonly associated with e-commerce applications. One of the tests appended a harmless script in a GET request on the end of your site URL. It flagged as a cross-site scripting vulnerability because this same script that was entered by the user (our scanner) was returned by the server unsanitized in the header. In this case, the script was returned in the header so our scanner flagged the vulnerability.
Has anyone seen this before? If so, how can we correct it? Thank you.
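
An added example, not part of the original post or of the testing company's report: it reproduces the scanner's check (append a harmless script to the URL, look for it verbatim in the response) against a response that echoes the URL raw and one that encodes it first. The `Link`/canonical reflection point, the probe string, the URL and all function names are assumptions made for illustration, since the post does not say which header echoed the input.

```python
import html
from urllib.parse import quote

# Constructed probe standing in for the scanner's harmless script.
PROBE = '"><script>/*probe*/</script>'
# Constructed sample URL.
BASE_URL = "https://shop.example/cart?item=1"


def header_safe(value: str) -> str:
    """Percent-encode a request-derived value before it goes into a response header.

    Everything outside the URL-structural set below is encoded, including
    CR, LF, quotes, spaces and angle brackets.
    """
    return quote(value, safe="/?&=:%")


def html_safe(value: str) -> str:
    """Escape a request-derived value before it is written into HTML, <head> included."""
    return html.escape(value, quote=True)


def vulnerable_response(url: str) -> str:
    # Echoes the requested URL into a header and the page head with no encoding.
    return (f"Link: <{url}>; rel=\"canonical\"\r\n\r\n"
            f"<head><link rel=\"canonical\" href=\"{url}\"></head>")


def hardened_response(url: str) -> str:
    # Same reflection points, each encoded for the context it lands in.
    return (f"Link: <{header_safe(url)}>; rel=\"canonical\"\r\n\r\n"
            f"<head><link rel=\"canonical\" href=\"{html_safe(url)}\"></head>")


def reflects_unsanitized(render, base_url: str) -> bool:
    """Mimic the scanner: append the probe to the URL and look for it verbatim."""
    return PROBE in render(base_url + PROBE)


if __name__ == "__main__":
    print("raw echo flagged:     ", reflects_unsanitized(vulnerable_response, BASE_URL))
    print("encoded echo flagged: ", reflects_unsanitized(hardened_response, BASE_URL))
```

The same check can be rerun after a fix to confirm the probe no longer comes back verbatim.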