Application is insecure

I submit my application for review they said application is unsecure see the attached images. Please let me know how to resolve and submit again. I am using Laravel.

1 Like

Given that the XSS vulnerability is on the “about” page and occurs before the onload event fires per their screenshot, it’s reasonable to assume they injected the script from the admin panel’s content editor for that page, right?

If that access is restricted to site admins, I don’t see a huge issue with allowing scripts there, but the reviewer managed to trigger it on your live demo. That’s not acceptable – do not allow live demo visitors to change the website’s content, it will be heavily abused. Otherwise, you will need to do some strict content filtering to remove script tags and JS event attributes like onclick, which will not be fun.

Also, it’s strongly recommended to use SSL for live demos.

I got the same problem, I fixed XSS but still they rejected without any explanation https://demo.xtremehosted.com/