PCI Compliance Issues

[bradhurley]

A PCI scan of my website identified injection attack issues with the Wiki module.

I did some testing and was able to execute some javascript code on a Wiki page in one of two ways:

1. By putting the script in the query string (i.e., wiki?topic=<script type="text/javascript">alert('hi');</script>

2. By putting the script in a Wiki comment

Are there any plans to resolve these issues?

[bradhurley]

(Irony) This wiki happened to strip out the script tag that I tried to include in my example above.