Last post Oct 18, 2018 05:50 PM by mgebhard
Oct 18, 2018 04:07 PM|sn002
There is software called Fortify that scans my web code pages and says that the code below is vulnerable to Cross-Site Scripting: Persistent. I am not sure how to go about fixing it. Any ideas? Thanks.
    public void GetStates()
    {
        DataSet DS = new DataSet();
        string strQuery = "Select * from tbl_State where StateName <> '' order by StateName";
        SqlConnection oConn = new SqlConnection(ConnStr);
        SqlDataAdapter DA = new SqlDataAdapter(strQuery, oConn);
        DA.Fill(DS); //Line 85 - Cross-Site Scripting: Persistent
        State.Items.Add(new ListItem("Select a State", ""));
        // The query fills a single table, so iterate the rows of Tables[0]
        foreach (DataRow DR in DS.Tables[0].Rows)
        {
            State.Items.Add(new ListItem(DR["State"].ToString(), DR["StateID"].ToString())); //Line 90 - Cross-Site Scripting: Persistent
        }
    }
Oct 18, 2018 05:50 PM|mgebhard
Try reading the Fortify support documentation as the app might not like the "SELECT *". Usually the error messages come with examples of how to fix vulnerability issues.
Anyway, I recommend that you post this question on Fortify's support forum as this is not an ASP.NET question.
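One way to harden the GetStates method from the question, as an added example that is not part of the original thread or of Fortify's documentation: it names the columns instead of using SELECT *, and treats each value read from the database as untrusted, checking it against an allow-list before it reaches the list control. Assumptions: the display column is StateName, StateID is numeric, the class name is hypothetical, and the two patterns are constructed for illustration.

```csharp
using System.Data.SqlClient;
using System.Text.RegularExpressions;
using System.Web.UI.WebControls;

public partial class StatePage : System.Web.UI.Page   // hypothetical page class
{
    // ConnStr and the State list control are assumed to be declared
    // elsewhere on the page, as in the question.

    // Constructed allow-lists: names are letters plus a few punctuation
    // characters, IDs are short digit strings. \z anchors at the true end.
    private static readonly Regex SafeName =
        new Regex(@"^[A-Za-z][A-Za-z .'\-]{0,49}\z", RegexOptions.CultureInvariant);
    private static readonly Regex SafeId =
        new Regex(@"^[0-9]{1,9}\z", RegexOptions.CultureInvariant);

    public void GetStates()
    {
        // Name the columns so only the expected data is read (assumed names).
        const string query =
            "SELECT StateID, StateName FROM tbl_State " +
            "WHERE StateName <> '' ORDER BY StateName";

        State.Items.Add(new ListItem("Select a State", ""));

        // using blocks dispose the connection, command and reader.
        using (var conn = new SqlConnection(ConnStr))
        using (var cmd = new SqlCommand(query, conn))
        {
            conn.Open();
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                while (reader.Read())
                {
                    string id = reader["StateID"].ToString();
                    string name = reader["StateName"].ToString();

                    // Stored data is untrusted: skip rows that fail validation
                    // instead of passing them on to the rendered page.
                    if (!SafeId.IsMatch(id) || !SafeName.IsMatch(name))
                        continue;

                    State.Items.Add(new ListItem(name, id));
                }
            }
        }
    }
}
```

Rows whose name falls outside the constructed pattern (for example, accented characters) are dropped, so the pattern needs widening to match the real data before use.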