3 Replies Latest reply on Sep 4, 2008 10:11 AM by thepolarexpress

    XSS vulnerability

      I able to embed following text successfully even applying scriptProtect=all.

      >"'><img%20src%3D%26%23x6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;%26%23x72;%26 %23x69;%26%23x70;%26%23x74;%26%23x3a;alert(392271)>

      Anybody have any cfm script to strip out above character, I have scipt which remove <script> tag but could not detect above tag.

      Any help will appreciable

      amar Piwar