Best course of action is to move away from payment methods that store (or process) credit card info locally on your server. If you move to something like Square (or many other modern payment processors) you can drop PCI certifications and save yourself a whole lot of time and money. We have a Square payment addon called Squarepay. You can review it here: https://ez-ms.com/squarepay.html
Hi bros and sis, just doing a PCI scan and have got the result below:
This version of JQuery is susceptible to cross-site scripting when passing HTML from untrusted sources even after sanitizing it to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others).
Upgrade jQuery to version 3.5.0 or higher.
PCI Status Fail
Any idea how to sort it out please?
Regards Marian
This will be fixed in a future CS-Cart version. They are already aware and have implemented a patch.
Not if you are entering the cc data into an iframe (on the payment provider's site) versus an input field. No cc data is ever on your site (unless of course you write it down which would be bad practice in any environment).
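Added example (not part of any post in this thread and not CS-Cart code): a small Node.js check that reads the version banner at the top of each bundled jQuery file and flags copies older than 3.5.0, the fixed version named in the scan result. The file names and file contents in `SAMPLE` are constructed; in practice you would pass in the contents of the `.js` files your storefront actually serves.

```javascript
// Fixed release named in the scan remediation text ("3.5.0 or higher").
const FIXED = [3, 5, 0];

// Banner formats found at the top of jQuery release files
// (minified build first, then the unminified build).
const BANNERS = [
  /\/\*!\s*jQuery v(\d+)\.(\d+)\.(\d+)/,
  /jQuery JavaScript Library v(\d+)\.(\d+)\.(\d+)/,
];

// Return [major, minor, patch] from the banner, or null if no banner is found.
function jqueryVersion(source) {
  const head = source.slice(0, 2048); // the banner sits at the top of the file
  for (const re of BANNERS) {
    const m = re.exec(head);
    if (m) return m.slice(1, 4).map(Number);
  }
  return null;
}

// Numeric comparison, so that 3.10.0 is not treated as older than 3.5.0.
function isOlder(v, fixed) {
  for (let i = 0; i < 3; i++) {
    if (v[i] !== fixed[i]) return v[i] < fixed[i];
  }
  return false;
}

// files: { name: contents }. "unknown" means the banner was stripped
// (for example by a bundler) and the file needs a manual look.
function audit(files) {
  return Object.entries(files).map(([name, source]) => {
    const v = jqueryVersion(source);
    const status = !v ? "unknown" : isOlder(v, FIXED) ? "upgrade" : "ok";
    return { name, version: v ? v.join(".") : null, status };
  });
}

// Constructed sample inputs (hypothetical paths and truncated file bodies).
const SAMPLE = {
  "example/a/jquery.min.js":
    "/*! jQuery v3.4.1 | (c) JS Foundation and other contributors | jquery.org/license */\n!function(e,t){}",
  "example/b/jquery.js":
    "/*!\n * jQuery JavaScript Library v3.5.0\n * https://jquery.com/\n */\n(function(){})",
  "example/c/bundle.js": "(function(){var a=1;})();",
};

for (const r of audit(SAMPLE)) console.log(r.status.padEnd(8), r.version, r.name);
```

A result of `unknown` is not a pass: the scanner may still fingerprint the library another way, so inspect those files by hand.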