I'm new to Zen Cart and about to launch a new webstore using version 1.3.9h. After undergoing a PCI compliance scan, I'm having problems solving the following vulnerability:
Description: Web server allows cross-site scripting Severity: Area of Concern Impact: A malicious web site could cause arbitrary commands to run on a client through a specially crafted link to the vulnerable server. In some cases, this could result in the compromise of the client's cookies, leading to unauthorized access to web applications.
The scan results suggested creating a custom 404 page which I did via the 'Define Pages Editor' and adding
# Specify 404 Error page
ErrorDocument 404 /PAGE_NOT_FOUND
to the .htaccess file.
This didn't resolve it. Any help would be greatly appreciated!
Bookmarks