We are currently using the Go Secure beta to run checks on a client's web site and it is reporting several XSS vulnerabilities.
The scanner is providing the result of the XSS attempt and I believe it is using
// conn is assumed to be an open java.sql.Connection
PreparedStatement ps = conn.prepareStatement("SELECT name,email FROM users WHERE userid=?"); ps.setInt(1, userid);
to make the attempt.
I want to show it to the client in action. How can I do this?