Cross-Site Scripting (XSS) Vulnerabilities

This topic contains 9 replies, has 2 voices, and was last updated by easyregistrationadmin 1 month, 4 weeks ago.



    We are getting a report of this vulnerability from the ERForms. Can you please provide me some feedback as to how to solve this vulnerability?



    Can you please share the details about where it is reported? Any details regarding the report will be helpful.



    – Parameter: It has been detected by exploiting the parameter erf_password of the form located in URL The payloads section will display a list of tests that show how the param could have been exploited to collect the information

    – Authentication: In order to detect this vulnerability, no authentication has been required.

    – Access Path: Here is the path followed by the scanner to reach the exploitable URL:


    Form URL is leading to 404 page. Can you please check?



    Thank you for the URL. We have checked the code with ‘erf_password’ param and can assure that data is being sanitized before proceeding with the execution. It seems to be a false alarm. Please allow us some time to further debug the cause.



    Thank you for your response. Would you mind giving me an estimate of when you will be able to provide me an update regarding your debugging?


    It may take a couple of days. I will get back to you by Tuesday next week.




    Our Infrastructure team has run another scan and they provided us the report of the site which shows XSS vulnerabilities for the ERForms. Can you provide me an email where I could send the report to?


    You can send the details at
