Cross Site Scripting

  • Thread starter Thread starter Fred
  • Start date Start date
F

Fred

When I try to upload a page to my already published website the transfer stops and I get this warning back from Norton: (Type as is)

Intrusion: HTTP-MS-SQL-XML-CrossSiteScripting
Intruder: localhost (1803)

I tried to add some forms yesterday which included scripts. Could this fact be causing the problem?
 
Yes. Cross Site Scripting (XSS) is a serious security issue. If your forms take in information and then print that information without server-side validation, you risk XSS attack. Since this kind of attack is enabled with forms, that is probably what Norton is detecting.

If these forms are posting to a database backend (like SQL) the risk is much higher, because hackers can use the volunerability to delete tables from your database.

See if this helps:

http://support.microsoft.com/default.aspx?scid=kb;en-us;252985

-John
When I try to upload a page to my already published website the transfer stops and I get this warning back from Norton: (Type as is)

Intrusion: HTTP-MS-SQL-XML-CrossSiteScripting
Intruder: localhost (1803)

I tried to add some forms yesterday which included scripts. Could this fact be causing the problem?
 
It looks like it's an XSS problem. It says that one should "validate" forms etc before loading them. How does one do this?

Fred
Yes. Cross Site Scripting (XSS) is a serious security issue. If your forms take in information and then print that information without server-side validation, you risk XSS attack. Since this kind of attack is enabled with forms, that is probably what Norton is detecting.

If these forms are posting to a database backend (like SQL) the risk is much higher, because hackers can use the volunerability to delete tables from your database.

See if this helps:

http://support.microsoft.com/default.aspx?scid=kb;en-us;252985

-John
When I try to upload a page to my already published website the transfer stops and I get this warning back from Norton: (Type as is)

Intrusion: HTTP-MS-SQL-XML-CrossSiteScripting
Intruder: localhost (1803)

I tried to add some forms yesterday which included scripts. Could this fact be causing the problem?
 
Back
Top