
PCI Compliance Issues

description

A PCI scan of my website identified injection attack issues with the current version of the Wiki module.

I did some testing and was able to execute some JavaScript code on a Wiki page in one of two ways:

1) By putting the script in the query string (i.e., wiki?topic=<script type="text/javascript">alert('hi');</script>)

2) By putting the script in a Wiki comment

Are there any plans to resolve these issues?
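
The two cases reported above (a reflected value from the topic query parameter and a stored comment) share one root cause: untrusted text is written into the page without HTML output encoding. The following is an added example, not code from the Wiki module or from the reporter; the function names, page layout and sample inputs are assumptions made up for illustration. It shows the flawed rendering next to the encoded one, plus a regression check.

```python
import html
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed sample inputs: the probe string from the report, once in the
# query string (reflected case) and once as a stored comment.
PROBE = "<script type=\"text/javascript\">alert('hi');</script>"
SAMPLE_URL = "wiki?" + urlencode({"topic": PROBE})
SAMPLE_COMMENTS = ["Nice page", PROBE]


def topic_from_url(url):
    """Return the decoded ?topic= value, or an empty string if absent."""
    return parse_qs(urlsplit(url).query).get("topic", [""])[0]


def render_unencoded(topic, comments):
    """The flawed pattern: request and stored data pasted into markup as-is."""
    items = "".join("<li>" + c + "</li>" for c in comments)
    return "<h1>" + topic + "</h1><ul>" + items + "</ul>"


def render_encoded(topic, comments):
    """Same page, with every untrusted value HTML-encoded at output time."""
    safe_topic = html.escape(topic, quote=True)
    items = "".join("<li>" + html.escape(c, quote=True) + "</li>" for c in comments)
    return "<h1>" + safe_topic + "</h1><ul>" + items + "</ul>"


def reflects_raw_markup(page, probe=PROBE):
    """Regression check: True if the probe survives into the page unencoded."""
    return probe in page


if __name__ == "__main__":
    topic = topic_from_url(SAMPLE_URL)
    for render in (render_unencoded, render_encoded):
        page = render(topic, SAMPLE_COMMENTS)
        print(render.__name__, "raw markup present:", reflects_raw_markup(page))
```

Encoding at output time covers both cases with the same call, because the stored comment is treated as untrusted when it is rendered, not only when it is submitted.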

comments