0 Replies Latest reply on Mar 5, 2017 6:24 AM by 800839

    Path fragment issue for inside a tag parameter between double quotes.

    800839

      Hi,

       

      I got an XSS (cross-site scripting) issue for the below in one of my JSP pages:

       

      "Path Fragment input /store/<s>/[*]_<n>/<s> was set to SubCat1ECS"onmouseover=UaTZ(9025)"

      The input is reflected inside a tag parameter between double quotes."

       

      What does it mean? What is the fix we need to do for it? Is "onmouseover=UaTZ(9025)", which is in double quotes, the issue here? Please let me know how we can handle it.

       

      Thanks
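
The finding quoted in the post, reproduced as an added example that is not part of the original post or the poster's application: the same path-fragment value is written into a double-quoted attribute with and without HTML attribute encoding. The `<input>` tag, the `subCat` parameter name and the helper methods are assumptions made for illustration.

```java
public class AttributeReflectionDemo {

    // Minimal encoder for values placed inside a double-quoted HTML attribute.
    static String escapeHtmlAttr(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Hypothetical page fragment: the path segment is concatenated as-is,
    // so a double quote in the input ends the attribute value early.
    static String renderUnsafe(String subCat) {
        return "<input type=\"hidden\" name=\"subCat\" value=\"" + subCat + "\">";
    }

    // Same fragment with the value encoded for the attribute context.
    static String renderSafe(String subCat) {
        return "<input type=\"hidden\" name=\"subCat\" value=\""
                + escapeHtmlAttr(subCat) + "\">";
    }

    // Allow-list validation for a category path segment (assumed format).
    static boolean isValidSegment(String s) {
        return s != null && s.matches("[A-Za-z0-9_-]{1,64}");
    }

    public static void main(String[] args) {
        // Value taken from the scanner finding quoted in the post.
        String fromScanner = "SubCat1ECS\"onmouseover=UaTZ(9025)";

        // The quote after SubCat1ECS closes value="..."; the browser then
        // parses onmouseover=... as a separate attribute of the tag.
        System.out.println("unsafe: " + renderUnsafe(fromScanner));
        // The quote is emitted as &quot; and stays inside the value.
        System.out.println("safe:   " + renderSafe(fromScanner));
        // The segment also fails the allow-list and can be rejected outright.
        System.out.println("valid:  " + isValidSegment(fromScanner));
    }
}
```

In a JSP the equivalent encoding is normally done with JSTL, for example `<c:out value="${subCat}"/>` or `${fn:escapeXml(subCat)}`, rather than a hand-written encoder.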