Path fragment issue for inside a tag parameter between double quotes.

User_19BPU

Hi,

I got an XSS (cross-site scripting) issue for the below in one of my JSP pages:

"Path Fragment input /store/<s>/[*]_<n>/<s> was set to SubCat1ECS"onmouseover=UaTZ(9025)"

The input is reflected inside a tag parameter between double quotes."

What does it mean? What is the fix we need to do for it? Is "onmouseover=UaTZ(9025)", which is in double quotes, the issue here? Please let me know how we can handle it.

Thanks

This discussion has been closed.
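
The finding quoted in the post, shown as an added example that is not part of the original thread: a request value written unencoded into a double-quoted attribute closes the attribute early, and HTML attribute encoding at output keeps the whole value inside the quotes. The `title` attribute, the class and method names, and the hand-written encoder are assumptions for illustration; in a JSP the same encoding is done by JSTL `<c:out>` or `fn:escapeXml`.

```java
public class AttrEncodingDemo {

    // Minimal HTML attribute encoder (illustrative). It replaces the characters
    // that can end a quoted attribute value or start new markup.
    static String encodeForHtmlAttribute(String input) {
        StringBuilder out = new StringBuilder(input.length() + 16);
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;"); break;
                case '<':  out.append("&lt;");  break;
                case '>':  out.append("&gt;");  break;
                case '"':  out.append("&#34;"); break;
                case '\'': out.append("&#39;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Before: the path fragment is concatenated straight into the attribute,
    // which is what a JSP does with ${param} or <%= ... %> and no escaping.
    static String renderUnencoded(String fragment) {
        return "<div title=\"" + fragment + "\">category</div>";
    }

    // After: the same value, encoded for the attribute context at output time.
    static String renderEncoded(String fragment) {
        return "<div title=\"" + encodeForHtmlAttribute(fragment) + "\">category</div>";
    }

    // True when the rendered tag contains an event-handler attribute, i.e. the
    // reflected value escaped its quotes and became markup of its own.
    static boolean valueBrokeOutOfAttribute(String html) {
        return html.matches(".*\"\\s*on\\w+\\s*=.*");
    }

    public static void main(String[] args) {
        // Path fragment value taken from the scanner finding quoted in the post.
        String fragment = "SubCat1ECS\"onmouseover=UaTZ(9025)\"";

        String before = renderUnencoded(fragment);
        String after = renderEncoded(fragment);

        System.out.println(before + "  broke out: " + valueBrokeOutOfAttribute(before));
        System.out.println(after + "  broke out: " + valueBrokeOutOfAttribute(after));
    }
}
```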