We are running ML 9.0.1.2 32-bit source.
We recently ran an Acunetix Web Vulnerability Scan, as we are required to for our PCI compliance.
We found several issues:

Cross Site Scripting
  /popup.aspx: src

Application error message
  /captcha.ashx: ASPDNSFGUID
  /contactus.aspx: ASPDNSFGUID
  /default.aspx: ASPDNSFGUID
  /disclaimer.aspx: ASPDNSFGUID
  /emailproduct.aspx: ASPDNSFGUID
  /giftregistrysearch.aspx: ASPDNSFGUID
  /invalidrequest.aspx: ASPDNSFGUID
  /m-1-ross-nanotechnology.aspx: ASPDNSFGUID
  /m-1-ross-technologies.aspx: ASPDNSFGUID
  /pagenotfound.aspx: ASPDNSFGUID
  /polls.aspx: ASPDNSFGUID
  /popup.aspx: ASPDNSFGUID
  /rateit.aspx: ASPDNSFGUID
  /remove.aspx: ASPDNSFGUID
  /scriptresource.axd: ASPDNSFGUID
  /search.aspx: ASPDNSFGUID
  /searchnx.aspx: ASPDNSFGUID
  /sendform.aspx: ASPDNSFGUID
  /shoppingcart.aspx: ASPDNSFGUID
  /showproduct.aspx: ASPDNSFGUID
  /signin.aspx: ASPDNSFGUID
  /signout.aspx: ASPDNSFGUID
  /sitemap2.aspx: ASPDNSFGUID
  /t-about.aspx: ASPDNSFGUID
  /t-bacteria.aspx: ASPDNSFGUID
  /t-faq.aspx: ASPDNSFGUID
  /t-privacy.aspx: ASPDNSFGUID
  /t-returns.aspx: ASPDNSFGUID
  /t-security.aspx: ASPDNSFGUID
  /t-service.aspx: ASPDNSFGUID
  /t-shipping.aspx: ASPDNSFGUID
  /t-where to buy.aspx: ASPDNSFGUID
  /webresource.axd: d, %2EASPXANONYMOUS, referer, ASPDNSFGUID, user-agent, SiteDisclaimerAccepted, client-ip, x-forwarded-for, __utma, __utmb, accept-language, __utmc, __utmz
  /wishlist.aspx: ASPDNSFGUID

Possible sensitive directories
  /bin
  /download
  /images/demo
  /images/library
  /images/orders
  /images/upload

Has anyone dealt with fixing these issues?