I have a PHP site that fails on the PCI complience and the only error that i am getting is
Microsoft ASP.NET ValidateRequest Filters Bypass Cross-Site Scripting Vulnerability
This is a PHP site on a IIS. what can i do to make this site pass the PCI test.
It depends on how your scanning vendor detected this, and what else you may have done in code to thwart XSS. If they are simply looking at your .net version and you have code that would take care of cross site scripting, then you can report this back to your scan vendor as a false positive. If you don't have code to thwart XSS, your best bet may be to update to .NET version 4.
