Forum Discussion
C# code causing XSS vulnerability
- Mar 22, 2025
Sanitize input and encode output, update Telerik, enable CSP, and re-run the security scan to prevent XSS.
- Jerry8989 - Mar 24, 2025 - Copper Contributor
Hi Jerry,
Thank you for your help. This has been one of the most frustrating problems. This site has been fine for many years and now our computing dept software is saying it's XSS vulnerable. This page has 1 tree view and many checkboxes per node. There is no other user input. On click on the tree I populate the next branch of data; is that considered the input? I'm going to work on enabling CSP for the Telerik tree view and see if that will cure it. Thanks again.
- Jerry8989 - Apr 01, 2025 - Copper Contributor
Hi Jerry,
I ended up contacting Telerik and they informed me that this issue is a false positive and that their controls are fine and that I should be OK going forward. Your suggestions did help a lot; I was able to apply them to my site and the issue was still there. That made me realize that there has to be something else going on, and that is when I reached out to Telerik.
Thank you