We are trying to fix the following PCI vulnerability:
Microsoft ASP.NET ValidateRequest Filters Bypass Cross-Site Scripting Vulnerability
The current workaround for this issue is as follows:
In web.config, in the <system.web> section, add:
However, the external website does not contain the system.web section. If we add it there, the site breaks.
1. What is the best way to fix this vulnerability? Can we add this header somewhere else?
2. Can we update the application pool in IIS to ASP.NET 4 from 2.0? According to our security team, that will fix the problem as well.
Any help is greatly appreciated. Thank you