WEB_MISC cross site scripting HTML Image tag set to javascript attempt
Code: p1217
Severity: Warning
Description:
This event indicates that a cross-site scripting attack using the "img
src=javascript" vulnerability is being attempted, or a potential
attacker is testing your site to determine if it is vulnerable.
Impact:
Successful cross-site scripting attacks generally target the users of
your web site. Attackers can potentially gain access to your users'
cookies or session IDs, allowing the attacker to impersonate your
user. They could also set up elaborate fake logon screens to steal
user names and passwords.
Corrective:
Determine if your web application is actually vulnerable to this
attack. If it is and the application is not of your own design,
contact the authors or vendor and see if there is a patch or newer
version. If the application is proprietary to you or your company,
ensure that it properly validates input.
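
One way to apply the "properly validates input" advice to a user-supplied image URL, shown as an added example that is not part of the original signature entry or any vendor's code. The names ALLOWED_SCHEMES, normalize_url, safe_image_src and render_img, the http/https-only policy, and the constructed sample values are assumptions.

```python
import html
from urllib.parse import urlsplit

# Assumption: the application only needs absolute http(s) image URLs.
ALLOWED_SCHEMES = {"http", "https"}

# Characters U+0000..U+0020, which browsers trim from both ends of a URL.
C0_AND_SPACE = "".join(chr(c) for c in range(0x21))


def normalize_url(raw: str) -> str:
    """Reduce the value to what a browser would see before reading the scheme."""
    # Character references such as "&#106;" are decoded inside attribute values.
    value = html.unescape(raw)
    # Tabs and newlines anywhere in a URL are dropped by the URL parser.
    for ch in "\t\r\n":
        value = value.replace(ch, "")
    return value.strip(C0_AND_SPACE)


def safe_image_src(raw: str):
    """Return the normalized URL if it passes the allowlist, otherwise None."""
    url = normalize_url(raw)
    try:
        parts = urlsplit(url)
    except ValueError:
        return None
    # Allowlist the scheme instead of blocklisting "javascript:"; require a host.
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.netloc:
        return None
    return url


def render_img(raw: str):
    """Emit the tag with the attribute value escaped, or None if rejected."""
    url = safe_image_src(raw)
    if url is None:
        return None
    return '<img src="%s" alt="">' % html.escape(url, quote=True)


# Constructed sample inputs: the pattern this event names, in several spellings.
REJECTED_SAMPLES = [
    "javascript:void(0)",
    "JaVaScRiPt:void(0)",
    "java\tscript:void(0)",
    "&#106;avascript:void(0)",
    " \x01javascript:void(0)",
    "/images/logo.png",  # relative URLs are outside the assumed policy
]
```

Validation alone is not sufficient: render_img also escapes the accepted value, so a quote character inside an otherwise valid URL cannot close the src attribute.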