HTML, javascript alert security issue

tbrown1635
tbrown1635 Community Member Posts: 2
I am experiencing this error when I load my HTML version of my courses to the server, can anyone provide some guidance?

<span style="color: black; font-family: 'CourierNewPSMT',serif; font-size: 7.5pt;">GET /nhsntraining/courses/2018/2018%20HTML/C27OPCSDOM/index.html? </span><b><span style="color: red; font-family: 'CourierNewPS-BoldMT',serif; font-size: 7.5pt;">jmptopg=javascript%3Aalert%2822%</span></b>

<span style="color: black; font-family: 'Calibri',sans-serif;"> <span style="color: black; font-family: 'CourierNewPSMT',serif; font-size: 7.5pt;"><body><div style="visibility: hidden; display: none; position: absolute; overflow:</span></span>

<span style="color: black; font-family: 'CourierNewPSMT',serif; font-size: 7.5pt;">hidden;"><iframe id="ifr_ </span><b><span style="color: black; font-family: 'CourierNewPS-BoldMT',serif; font-size: 7.5pt;">javascript:alert(22) </span></b><span style="color: black; font-family: 'CourierNewPSMT',serif; font-size: 7.5pt;">" name="</span><span style="color: red; font-family: 'CourierNewPSMT',serif; font-size: 7.5pt;">ifr_javascript:alert(22)" </span><span style="color: black; font-family: 'CourierNewPSMT',serif; font-size: 7.5pt;">scrolling="no"</span>

<span style="color: black; font-family: 'CourierNewPSMT',serif; font-size: 7.5pt;">src="javascript:alert(22)" style="width: 100%; height: 100%; border: 0px; overflow: hidden;</span>

<span style="color: black; font-family: 'CourierNewPSMT',serif; font-size: 7.5pt;">visibility: hidden; left: 0px; top: 0px;"></iframe></div></span>

<span style="color: black; font-family: 'CourierNewPSMT',serif; font-size: 7.5pt;"><div id="pgBkAudio" class="pgBkAudio" style="visibility: hidden</span>

<span style="color: black; font-family: 'Calibri',sans-serif;"> </span>

<span style="color: black; font-family: 'ArialMT',serif; font-size: 7.5pt;">Parameter: jmptopg</span>

<span style="color: black; font-family: 'ArialMT',serif; font-size: 7.5pt;">Risk(s): It may be possible to steal or manipulate customer session and cookies, which might be used to impersonate a legitimate</span>

<span style="color: black; font-family: 'ArialMT',serif; font-size: 7.5pt;">user, allowing the hacker to view or alter user records, and to</span>

 

Comments

  • tbrown1635
    tbrown1635 Community Member Posts: 2
    let me try this again.

     

    jmptopg=javascript%3Aalert%2822%

     

    <body><div style="visibility: hidden; display: none; position: absolute; overflow:

    hidden;"><iframe id="ifr_ javascript:alert(22) " name="ifr_javascript:alert(22)" scrolling="no"

    src="javascript:alert(22)" style="width: 100%; height: 100%; border: 0px; overflow: hidden;

    visibility: hidden; left: 0px; top: 0px;"></iframe></div>

    <div id="pgBkAudio" class="pgBkAudio" style="visibility: hidden

     

    Parameter: jmptopg

    Risk(s): It may be possible to steal or manipulate customer session and cookies, which might be used to impersonate a legitimate

    user, allowing the hacker to view or alter user records, and to