I manage a site that has the seal of the armored site, recently I received an email from the armored site saying that its core had changed and the new scans could identify new errors.
As expected, new bugs were identified that were properly fixed, except for XSS errors on a single page.
The page in question is: link
And the error pointed out is:
Cross-Site Scripting vulnerability found. This is a reflected XSS vulnerability, detected in an alert that was an immediate response to the injection. Injected request #: 2 Injected item: GET: IdSecao Injection value:
>"><sVg/OnLOaD=alert(14417575.00347)>Detection value: alert (14417575.00347)
The problem is: I can not reproduce the flaw, it does not seem to be happening to me. But the armored site keeps pointing out the error.
How to solve?