I'm getting Cross-Site Scripting Vulnerable Findings via Smartattacks scanning which is causing my organization to no allow the site to go live. Is this a false positive? Anyone else getting this or have an idea of how to go around this issue. I'm using 7.1.1. here is the report:
Cross-Site Scripting
1. Vulnerable (High, HARM: 320) at: ……
Injected item: POST: dnn$dnnSearch$txtSearch
Injection value: ">alert(13779325.197)
Detection value: 13779325.197
Cross-Site Scripting
2. Vulnerable (High, HARM: 320) at: …….. /SearchResults/tabid/84/Default.aspx?Search=testval
Injected item: GET: Search
Injection value: ">alert(13779325.3267)
Detection value: 13779325.3267