
How to show a client an XSS?

Question asked by WEBPC on Sep 29, 2010
Latest reply on Oct 7, 2010 by sshannon

We are currently using the Go Secure beta to run checks on a client's web site and it is reporting several XSS vulnerabilities.

The scanner is providing the result of the XSS attempt and I believe it is using

"PreparedStatement ps = "SELECT name,email FROM users WHERE userid=?"; ps.setInt(1, userid);"

to make the attempt.

I want to show it to the client in action. How can I do this?

TIA

Antony
