Cross Site Scripting problem in showphoto.php
I'm running Photopost Pro 6.02 and just got flagged on PCI scanning for a Cross Site Scripting problem in showphoto.php.
Recommended solution:
When accepting user input ensure that you are HTML encoding potentially malicious characters if you ever display the data back to the client.
Ensure that parameters and user input are sanitized by doing the following:
Remove < input and replace with &lt;
Remove > input and replace with &gt;
Remove ' input and replace with &apos;
Remove " input and replace with &#x22;
Remove ) input and replace with &#x29;
Remove ( input and replace with &#x28;
Is there a fix for this?
Thanks
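Added example, not part of the original post and not Photopost code: a PHP sketch of the output encoding the scan report recommends, applied where a request value is echoed back into HTML. The parameter names `photo` and `title`, both helper functions and the sample request are assumptions made up for illustration.

```php
<?php
// Added illustration; helper names and request parameters are hypothetical.

// Encode a value for an HTML text node or a quoted attribute value.
function encode_for_html($value)
{
    // htmlspecialchars() with ENT_QUOTES encodes & < > " and '.
    $out = htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    // The scan report also lists parentheses; emit them as numeric entities.
    return strtr($out, array('(' => '&#x28;', ')' => '&#x29;'));
}

// Parameters that should be numeric are validated, not encoded:
// digits only, otherwise null.
function read_int_param(array $source, $name)
{
    if (!isset($source[$name]) || !is_string($source[$name])) {
        return null;
    }
    return ctype_digit($source[$name]) ? (int) $source[$name] : null;
}

// Constructed sample request standing in for $_GET.
$request = array(
    'photo' => '42',
    'title' => '"><script>alert(1)</script>',
);

$id = read_int_param($request, 'photo');
if ($id === null) {
    http_response_code(400);
    exit('Bad request');
}

// Reflected without encoding: the quote closes the attribute early and the
// remainder is parsed as markup. Shown as a string only, never echoed.
$unsafe = '<a title="' . $request['title'] . '">photo ' . $id . '</a>';

// Reflected with encoding: the same input stays inert attribute text.
$safe = '<a title="' . encode_for_html($request['title']) . '">photo ' . $id . '</a>';

echo $safe, "\n";
```

This encoding fits HTML text and quoted attribute values only; a value placed inside a script block, a URL or a CSS context needs the encoding for that context instead.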