Hello,
We are using Magento CE 2.1.0. We scanned our site using Acunetix. It gave Cross site scripting errors for all pages.
We have used Magento filtering functions such as escapeHtml() in templates to avoid XSS vulnerabilities. Unfortunately the report shows Cross site scripting errors.
Highly appreciate a solution/suggestion to resolve this issue.
(One error message is added below. It repeats for each page.)
/152.html
URI was set to ;932353():;982613
The input is reflected inside <script> tag.
GET /152.html";932353():;982613 HTTP/1.1
Referer: http://xxx xx xx :80/
(line truncated)
...2error%22%2C%22text%22%3A%22We+can%27t+find+the+quote+item.%22%7D%2C%7B%22type%22%3A%
22error%22%2C%22text%22%3A%22We+can%27t+find+the+quote+item.%22%7D%2C%7B%22type%22%3A%22
error%22%2C%22text%22%3A%22We+can%27t+find+the+quote+item.%22%7D%2C%7B%22type%22%3A%22er
ror%22%2C%22text%22%3A%22We+can%27t+find+the+quote+item.%22%7D%2C%7B%22type%22%3A%22erro
r%22%2C%22text%22%3A%22We+can%27t+find+the+quote+item.%22%7D%2C%7B%22type%22%3A%22error%
22%2C%22text%22%3A%22Please+correct+the+email+address.%22%7D%5D
Host: 220.247.201.193
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept: */*
Thank you...
Rasika
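The finding above says the input is reflected "inside <script> tag", which is a different output context from HTML body text: a value placed in a JavaScript string literal needs JavaScript-string encoding, and HTML-entity escaping does not provide it (the browser does not decode entities inside a script element). The following is an added example, not code from the poster's site or from Magento; it uses Python as a stand-in for the PHP template, the variable name `currentUrl` and the `var currentUrl = "..."` layout are assumptions for illustration, and the probe string is the one from the scanner report. It shows an HTML-escaped and a naively concatenated value next to a JSON-encoded one, and a small lexer-style check that tells whether the value stayed data or became code.

```python
import html
import json

# Probe taken from the scanner report: closes a double-quoted JS string literal
PROBE = '";932353():;982613'


def html_escape_only(value: str) -> str:
    """HTML-entity escaping, i.e. what an escapeHtml()-style helper does.

    Inside <script> the browser does not decode entities, so '&quot;' is not a
    quote here; it is just the wrong encoding for this context."""
    return html.escape(value, quote=True)


def naive_script_embed(value: str) -> str:
    """Unsafe: raw concatenation of the value into a JS string literal."""
    return '<script>var currentUrl = "' + value + '";</script>'


def js_string_literal(value: str) -> str:
    """Encode the value as a JS string literal that is safe inside <script>.

    json.dumps quotes the value and backslash-escapes '"' and '\\'; with its
    default ensure_ascii=True, non-ASCII (including the U+2028/U+2029 line
    terminators) comes out as \\uXXXX. The extra replacements neutralise
    '</script>' and '<!--', which the HTML parser would act on before any
    JavaScript runs."""
    encoded = json.dumps(value)
    return (encoded.replace('<', '\\u003c')
                   .replace('>', '\\u003e')
                   .replace('&', '\\u0026'))


def safe_script_embed(value: str) -> str:
    """Template output using the JS-context encoder."""
    return '<script>var currentUrl = ' + js_string_literal(value) + ';</script>'


def literal_intact(script: str) -> bool:
    """Walk the string literal the way a JS lexer would: a backslash escapes
    the next character, an unescaped quote ends the literal. Return True only
    if the literal ends exactly where the template intended."""
    prefix = '<script>var currentUrl = "'
    if not script.startswith(prefix):
        return False
    i = len(prefix)
    while i < len(script):
        ch = script[i]
        if ch == '\\':
            i += 2
            continue
        if ch == '"':
            return script[i + 1:] == ';</script>'
        i += 1
    return False


def value_stays_data(script: str) -> bool:
    """True if the embedded value can neither end the script element early
    (HTML-parser level) nor break out of the string literal (JS-lexer level)."""
    if script.count('</script>') != 1:
        return False
    return literal_intact(script)


if __name__ == '__main__':
    for label, value in (('scanner probe', PROBE),
                         ('script breakout', '</script><svg onload=alert(1)>')):
        print(label)
        print('  html-escaped :', html_escape_only(value))
        print('  naive  safe? :', value_stays_data(naive_script_embed(value)))
        print('  encoded safe?:', value_stays_data(safe_script_embed(value)))
```

The check only answers whether the value becomes code; it does not decide where the reflected value originates, which is what needs to be traced in the templates and layout that build the page's script blocks. Magento's own escaper offers context-specific methods for this purpose, so the fix in a real template is to use the JavaScript-context one rather than escapeHtml() wherever a value is written into a script.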