Last post Mar 16, 2016 08:22 PM by Nataraj Gandhi Arunachalam
Mar 16, 2016 06:09 PM|sn002|LINK
I have a simple website form that take users' input and save that to a database. (e.g., names and email). very basic information.
Recently, it fails Vulnerability scan and I am not sure what the vulnerability below meant. Please help!
Cross-Site Scripting (XSS), allowing arbitrary malicious content to run in a legitimate user's session, is possible via a website (login.xxx.mil) system (banner and acceptance page).
Mar 16, 2016 08:22 PM|Nataraj Gandhi Arunachalam|LINK
Since your website takes user's inputs and saves it to database, it is open to a XSS attack. Please make sure you are properly encoding the user input before storing the input to the Database. That should take care of this issue.
Please refer to the below links to get more details informatin,