I have two sites that accept CC and must be PCI compliant. they just informed me that we are failing three issues. Anyone know hot resolve.
Here they are:
CGI Generic XML Injection. A CGI application hosted on the remote web server is potentially prone to an XML injection attack.
Web Server Uses Basic Authentication Without HTTPS. The remote web server seems to transmit credentials in cleartext.
Web Server Transmits Cleartext Credentials. The remote web server might transmit credentials in cleartext.

site: metalmarkingmachines.com

Hi

Those appear to be server related rather than anything in the software. Can you pass that onto your host and see if they can sort it out for you?

Andy

Please feel free to review / rate our software

Thanks Andy. I did already and of course they said it was software related. I will go back to them now. I will keep you informed.

Andy,
What is the folder assets for in this string? Is it needed for running ECT?
URL : https://www.dogtagmachines.com/assets/js/vendor/jquery-1.10.2.min.js

Installed version : 1.10.2 Fixed version : 1.12.0

You can download a more recent version here https://jquery.com/download/

or change the reference on your pages to

<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>

Andy

Please feel free to review / rate our software

Hi Tommieboyz
For this issue...

quote:

---

A CGI application hosted on the remote web server is potentially prone to an XML injection attack.

---

Do you have any more information, such as an example URL? If so, can you send it to my email (vince AT ecommercetemplates DOT com).

Vince

Click Here for Shopping Cart Software
Click Here to sign up for our newsletter
Click Here for the latest updater

Thanks Vince. I just sent the info.