> I have added the #htmlEditFormat# TAG and will monitor the site over
> the coming weeks and see what happens
>
> Thanks for everyone who helped!

"The Feedback section is entered with an administration section and this is locked down with a username and password."

If you say the person doing this has already signed into your admin app, try recording their IP address when they add the XSS code. Then fire them.

If you have access to the web logs and the time they've added this malicious code (timestamp), you could look back at the ones they've already entered.

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:331970


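The log look-back suggested in the reply above, as an added example that is not part of the original post: it matches the creation times of the offending feedback rows against POST requests in the web log and groups them by source IP. The combined log format, the form path `/admin/feedback_add.cfm`, the log lines and the entry timestamps are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: combined-format access log; the form path is hypothetical.
FEEDBACK_PATH = "/admin/feedback_add.cfm"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Constructed sample log (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2010:09:14:58 +0000] "GET /admin/feedback_add.cfm HTTP/1.1" 200 5120
203.0.113.7 - - [12/Mar/2010:09:15:02 +0000] "POST /admin/feedback_add.cfm HTTP/1.1" 302 -
198.51.100.23 - - [12/Mar/2010:09:15:03 +0000] "GET /index.cfm HTTP/1.1" 200 8801
198.51.100.23 - - [14/Mar/2010:17:40:11 +0000] "POST /admin/feedback_add.cfm HTTP/1.1" 302 -
203.0.113.7 - - [15/Mar/2010:11:02:30 +0000] "POST /admin/feedback_add.cfm HTTP/1.1" 302 -
"""
# Constructed creation times of the feedback rows that contained script.
BAD_ENTRIES = [datetime(2010, 3, 12, 9, 15, 2), datetime(2010, 3, 15, 11, 2, 31)]


def parse(line):
    """Return (ip, timestamp, method, path) or None for unparseable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # Drop the UTC offset; assumes the log and database share a time zone.
    ts = datetime.strptime(m["ts"].split()[0], "%d/%b/%Y:%H:%M:%S")
    return m["ip"], ts, m["method"], m["path"].split("?")[0]


def suspects(log_text, entry_times, window_seconds=5):
    """Map source IP -> bad-entry timestamps it POSTed within the window."""
    window = timedelta(seconds=window_seconds)
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ip, ts, method, path = rec
        if method != "POST" or path.lower() != FEEDBACK_PATH:
            continue
        for entry in entry_times:
            # Small tolerance covers clock skew between web and DB servers.
            if abs(ts - entry) <= window:
                hits[ip].append(entry)
    return dict(hits)

if __name__ == "__main__":
    print(suspects(SAMPLE_LOG, BAD_ENTRIES))
```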