XSS vulnerability?

This topic is locked

XSS vulnerability?	4/14/2011 3:24:27 AM
PHPRunner General questions
D david.fms author I work in the public and we are seriously considering buying PHPRunner for internal and external projects. Testing the demo 5.2 (not yet tested the 5.3) we have found that the generated code may have a XSS vulnerability when using multi-language. The software used is Acunetix for vulnerability scanning and vulnerability in particular is when selecting from the popup language and appears in the URL http:/...?language=Spanish, for example. Can you guide me about this issue? Greetings and thanks


	Admin 4/14/2011
	PHPRunner doesn't have any known vulnerabilities (SQL injection, XSS etc). The latest version that had a potential SQL injection vulnerability were 4.2. We haven't had any XSS vulnerability issues. You can Google "phprunner vulnerability" for more info. Specifically, passed via URL doesn't have anything to with XSS vulnerabilities. XSS attacks are made possible when user input is displayed on the page "as is", without cleaning which is not the case with PHPRunner applications. Hope this makes sense.