Patch to prohibit cross-site scripting attacks on Windows Server 2003 Enterprise?
I have a web server that is failing PCI compliance scans with the following explanation...

Synopsis : The remote web server is prone to cross-site scripting attacks.

Description : The remote host is running a web server that fails to adequately sanitize request strings of malicious JavaScript. By leveraging this issue, an attacker may be able to cause arbitrary HTML and script code to be executed in a user's browser within the security context of the affected site.

See also : http://en.wikipedia.org/wiki/Cross-site_scripting

Solution: Contact the vendor for a patch or upgrade.

Risk Factor: Medium / CVSS Base Score : 4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVE : CVE-2002-1060, CVE-2003-1543, CVE-2005-2453, CVE-2006-1681
BID : 5305, 7344, 7353, 8037, 14473, 17408
Other references : OSVDB:4989, OSVDB:18525, OSVDB:24469, OSVDB:42314

Has anyone encountered this and/or know what the patch or fix is? I've been searching everywhere for a fix and failing miserably. Thanks.
May 27th, 2009 6:02pm

Just to confirm, ensure which version of software your web server is running on...?? If it's either Apache or IIS 7.0... I guess it should be IIS... patch the software with the updates and also check the security on the index pages and also the rule enforced on the authenticated URL redirection... because injecting a malformed URL or an obfuscated URL is an easy way to gain root privileges... So please take a look at it... Also try some of the web vulnerability scanners which will pinpoint what mod has the vulnerability... if it is really a security concern...
Regards, KOWSHAL H.M. a.k.a W@R10CK
May 28th, 2009 2:20am

If java is really so dangerous we would have to consider an alternative. Perhaps wscript would be enough to do the job. I've noticed flash ain't so wonderful as well. Silverlight might be a better solution. Scripts are so closely integrated in browsers it would be best to use the software from the same mfg.
Information is the most valuable commodity I know of.
June 7th, 2009 3:55am

I am also facing the same problem. Please, anyone, find the solution. Please mail me: Chandru.rt@gmail.com
chandru
December 25th, 2011 7:20am

This topic is archived. No further replies will be accepted.
