Path fragment issue for inside a tag parameter between double quotes.

Hi,

I got an XSS (cross-site scripting) issue for the below in one of my JSP pages:

"Path Fragment input /store/<s>/[*]_<n>/<s> was set to SubCat1ECS"onmouseover=UaTZ(9025)"

The input is reflected inside a tag parameter between double quotes."

What does it mean? What is the fix we need to do for it? Is "onmouseover=UaTZ(9025)", which is in double quotes, the issue here? Please let me know how we can handle it.

Thanks
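
The scanner finding quoted above, worked through as an added example (not code from the original post or from the application): the JSP output is modelled as string concatenation, and the markup, class name, method names and allow-list pattern are assumptions. It shows the reported value closing the attribute when written raw and staying inside it when encoded for the attribute context.

```java
// Added example, not from the original thread. The hidden-input markup,
// the class and method names, and the allow-list pattern are hypothetical.
public class AttributeContextDemo {

    // Encode a value for output inside a double-quoted HTML attribute.
    static String encodeForHtmlAttribute(String value) {
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#x27;"); break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Second layer: accept only the characters a category name is assumed to need.
    static boolean isValidFragment(String fragment) {
        return fragment != null && fragment.matches("[A-Za-z0-9_-]{1,64}");
    }

    // Models a JSP writing the path fragment with <%= ... %>: no encoding.
    static String renderUnsafe(String fragment) {
        return "<input type=\"hidden\" name=\"cat\" value=\"" + fragment + "\">";
    }

    // Same markup with the value encoded for the attribute context.
    static String renderSafe(String fragment) {
        return "<input type=\"hidden\" name=\"cat\" value=\""
                + encodeForHtmlAttribute(fragment) + "\">";
    }

    public static void main(String[] args) {
        // The value the scanner reported in the post above.
        String fragment = "SubCat1ECS\"onmouseover=UaTZ(9025)";
        // Raw: the injected quote ends value="..." and onmouseover becomes its own attribute.
        System.out.println(renderUnsafe(fragment));
        // Encoded: the quote is emitted as &quot; and the whole string stays inside value="...".
        System.out.println(renderSafe(fragment));
        // Allow-list check rejects the scanner value and accepts a plain name.
        System.out.println(isValidFragment(fragment) + " " + isValidFragment("SubCat1ECS"));
    }
}
```

In a JSP page the same encoding is available from JSTL (`<c:out value="..."/>` or `fn:escapeXml`), which escape the same five characters, so the hand-written encoder here only makes the mechanism visible.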

This discussion has been closed.