search for: 28cross_site_scripting

Hello, I've failed latest PCI scan because of CVE-2009-0796. Centos 6.7. The Red Hat Security Response Team has rated this issue as having moderate security impact and bug as wontfix. Explanation: The vulnerability affects non default configuration of Apache HTTP web server, i.e cases, when access to Apache::Status and Apache2::Status resources is explicitly allowed via <Location

...entire request URL as part of the page? You need to be using htmlspecialchars() or HTML::Entities or whatever your language/environment has to escape strings for safe inclusion in HTML content. There is of course more to it than that (sigh), try for starters: https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet --ln

...o use curl for testing? I'm getting new line because of the single quote inside string and escaping it with back slash gives me bash: syntax error near unexpected token `<' > There is of course more to it than that (sigh), try for starters: > https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet Very nice reading, thanks!