Path-Based Cross-Site Scripting (XSS) Failure
Posted: Fri Jan 20, 2017 3:54 am
A PCI scan has failed my site due to a Path-Based Cross-Site Scripting (XSS) vulnerability. Microsoft IIS resolved this problem years ago by enabling "Validate Request = true" in Pages and Controls under your site. If I do this on my site, it disables the ability to edit pages on the site from the admin. It might also disable other features and the customer shopping experience. Your default web.config file has validate request = false. What do you recommend to resolve this PCI failure? Can you provide a letter or statement I can send to my scanning company to get past this failure?
Running 2008 R2 Server with newest Gold build 12 SP1 (something like that).