PCI Compliance Failed with a cross-site scripting vulnerability

Posted: May 22, 2021 at 8:17 pm


worldlegacy

May 22, 2021 at 8:17 pm

Hi folks, our PCI security scan failed with the following error:

web program allows cross-site scripting in query string (/events/nc188-journey/)

We have four of these vulnerabilities, only for our currently open events.

Has anybody seen this? Any ideas for how to eliminate the vulnerability?

Thanks


Tony

Support Staff

May 25, 2021 at 2:55 pm

Hi there,

Do you have any further details on the vulnerabilities found?

If so you can add them here in a private reply, or preferably discuss this further via email using support[at]eventespresso.com

Note – if there is a vulnerability within EE’s code, we aren’t trying to hide it with the above and will make it a priority to fix it. However, we will need some time to fix it before it’s publicly disclosed.

The support post ‘PCI Compliance Failed with a cross-site scripting vulnerability’ is closed to new replies.
