Support

Home Forums Event Espresso Premium PCI Compliance Failed with a cross-site scripting vulnerability

PCI Compliance Failed with a cross-site scripting vulnerability

Posted: May 22, 2021 at 8:17 pm

Viewing 1 reply thread


worldlegacy

May 22, 2021 at 8:17 pm

Hi folks, our PCI security scan failed with the following error:

web program allows cross-site scripting in query string (/events/nc188-journey/)

We have four of these vulnerabilities, only for our currently open events.

Has anybody seen this? Any ideas for how to eliminate the vulnerability?

Thanks


Tony

  • Support Staff

    •

May 25, 2021 at 2:55 pm

Hi there,

Do you have any further details on the vulnerabilities found?

If so you can add them here in a private reply, or preferably discuss this further via email using support[at]eventespresso.com

Note – if there is a vulnerability within EE’s code we aren’t trying to hide it with the above and will make it a priority to fix it, however, we will need some time to fix it before it’s publicly disclosed.
Viewing 1 reply thread

The support post ‘PCI Compliance Failed with a cross-site scripting vulnerability’ is closed to new replies.

Have a question about this support post? Create a new support post in our support forums and include a link to this existing support post so we can help you.

Support forum for Event Espresso 3 and Event Espresso 4.
Documentation for EE3 and EE4
Documentation for Event Espresso 3 Documentation for Event Espresso 4

Status: closed

Updated by Tony 3 years, 6 months ago ago

Topic Tags

Notifications

This topic is: not resolved
Event Espresso