I got a scan report from my QA team with 500+ XSS vulnerabilities. I am using Laravel 4.1.
Example vulnerable URL: http://www.domain.com/section"><script>prompt(910662)</script>/article
My application doesn't actually execute and display the alert; instead it just shows a pageNotFound error page. Then why does the Acunetix tool show this as a high-level threat of type XSS?
Do I have to return a custom error code?
I have tried using the strip_tags filter but it didn't work. The errors are still the same. Plus they can still inject something like "javascript:alert('1')".
Please help me in resolving these errors.
I changed the response error from Code: 404, Message: NotFound to Code: 200, Message: Invalid request.
The above resolved the XSS alerts I was getting from the vulnerability scanner.
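Added example (not code from the question, the update, or Laravel itself): a small Python triage script for findings like the one above. It assumes a hypothetical "page not found" view that echoes the requested path into its HTML body, and reuses the `prompt(910662)` marker from the posted URL as the canary. The point it demonstrates is that a scanner's reflected-XSS verdict depends on whether the marker comes back unencoded inside an HTML body, not on the HTTP status: a browser executes script in a 404 page exactly as it does in a 200 page, so the classifier takes the status but ignores it, and the same response body classifies identically under 404 and 200. It also contrasts a strip_tags-style filter, which removes `<...>` sequences and nothing else, with HTML entity encoding at output time.

```python
import html
import re
from typing import Tuple

# Marker from the URL in the question; the injected path segment is reconstructed here.
CANARY = "prompt(910662)"
PAYLOAD = 'section"><script>' + CANARY + '</script>/article'


def render_not_found_vulnerable(path: str) -> Tuple[int, str, str]:
    """Hypothetical 'page not found' view that echoes the requested path raw
    into its HTML. Stand-in for what a scanner flags; not Laravel's own code."""
    body = '<h1>Page not found</h1><p>No route matches "%s"</p>' % path
    return 404, "text/html; charset=utf-8", body


def render_not_found_escaped(path: str) -> Tuple[int, str, str]:
    """Same hypothetical view, but the untrusted value is HTML-entity encoded at
    output time. The status stays 404: a correct status and a safe body are
    independent concerns."""
    body = '<h1>Page not found</h1><p>No route matches "%s"</p>' % html.escape(path, quote=True)
    return 404, "text/html; charset=utf-8", body


def strip_tags_like(value: str) -> str:
    """Approximation of PHP's strip_tags: drops <...> sequences and nothing else.
    Quotes, angle-bracket fragments and 'javascript:' URLs survive untouched."""
    return re.sub(r"<[^>]*>", "", value)


def classify_reflection(status: int, content_type: str, body: str, canary: str = CANARY) -> str:
    """Triage a reflected-XSS finding the way a reviewer would.

    Returns:
      "executable" - canary sits inside a <script> element in an HTML body
      "text_only"  - canary is present but only as text or entity-encoded
      "absent"     - canary does not come back at all
      "not_html"   - response is not HTML, so no script runs regardless

    `status` is accepted but deliberately unused: a browser renders a 404 (or
    200, or 500) HTML body the same way and executes any script in it.
    """
    if not content_type.lower().startswith("text/html"):
        return "not_html"
    if re.search(r"<script\b[^>]*>[^<]*" + re.escape(canary), body, re.IGNORECASE):
        return "executable"
    if canary in body:
        return "text_only"
    return "absent"


def triage(render, path: str = PAYLOAD) -> str:
    """Render the hypothetical view with the payload and classify the result."""
    status, ctype, body = render(path)
    return classify_reflection(status, ctype, body)


if __name__ == "__main__":
    for name, view in (("raw", render_not_found_vulnerable), ("escaped", render_not_found_escaped)):
        status, ctype, body = view(PAYLOAD)
        print(name, status, classify_reflection(status, ctype, body))
    print("strip_tags-style filter leaves:", strip_tags_like("javascript:alert('1')"))
```

Two things to take from running it: the raw view classifies as "executable" whether you feed the classifier 404 or 200, and the escaped view still returns a 404 while classifying as "text_only". The `javascript:alert('1')` string passes a tag-stripping filter unchanged because it contains no tag; whether that matters depends on where the value lands in the page (it is only live inside a URL-valued attribute such as `href`, not in a text node), which is why output encoding for the specific context, rather than input stripping, is the check to apply.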