We are in the process of getting our web sites PCI certified. One Issue reported by Qualys PCI scan is Persistent Cross Site Scripting attack.
We are not able to reproduce it using the url and payload reported in the scan. However for other vulnerabilites like reflected cross site scripting we are able to reproduce the attack using the data given in the report.
Can someone please help me understanding how to interpret the urls and payload given in the report for this particular vulnerability?