I scanned my site in order to pass PCI, and it came up with some findings. Some of them are:
- “CGI Generic Cross-Site Request Forgery Detection (potential)”
According to this document
Qualys Discussions (QID 90780 FAQ: Microsoft ASP.NET ValidateRequest Filters Bypass Cross-Site Scripting Vulnerability)
ASP.NET versions 1 and 2 are both vulnerable. My version is 4.0, as you can see from my HTTP headers:
X-AspNetMvc-Version: 3.0
Cache-Control: private
Content-Type: text/html; charset=utf-8
Set-Cookie: 51D=; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/,ASP.NET_SessionId=*; path=/; HttpOnly
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Thu, 09 May 2013 10:50:45 GMT
Content-Length: 15514
Any ideas about that?
Thanks