
  • Amir Khan 1199 posts 2567 karma points
    Oct 15, 2014 @ 18:12

    XSS Vulnerability?

    I ran a penetration test against one of my sites and am coming back with an XSS vulnerability on a URL with a Contour form on it. The parameter listed is a string that looks like a GUID, but isn't the GUID of the form.

    Does anyone know why this would happen and how to remediate it?

    Thanks,
    Amir

  • Amir Khan 1199 posts 2567 karma points
    Oct 15, 2014 @ 18:50

    So I think this is related to the file upload field on the form. Is it possible to validate the file extension? I don't see a validation option in the upload field datatype.

    Thanks!
    Amir
