Cross site scripting alert in Tag.aspx

  •  10-31-2013, 7:02 AM


    We have integrated Cute Editor for .NET with our application.

    Recently we ran a security scan using the Acunetix tool and found the following alert in the report. The tool reports cross-site scripting affecting the ../cuteeditor/dialogs/tag.aspx file.

    Could you please advise how to avoid this security issue?

    The report from the tool:

    Affected items:

    /cutesoft_client/cuteeditor/dialogs/tag.aspx  

    Details:

    URL encoded GET input Theme was set to Office2003_BlueTheme' onmouseover=prompt(919401) bad='  The input is reflected inside a tag parameter between single quotes.  

    Request headers:

    (line truncated)  ...S5DdXRlRWRpdG9yUHJvdmlkZXJzLkN1c3RvbWVyRGF0YUZpbGVTdG9yYWdlLCBDdXRlRWRpdG9yUHJvdmlkZX  JzLCBWZXJzaW9uPTkuMi4wLjEyNDA4LCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPW51bGwvRTpcS0  JEYXRhXGtub3dsZWRnZWJhc2VccHVibGljZmlsZXNcMTJcV2ViZmlsZXMPL3BmLzEyL1dlYkZpbGVzDy9wZi8xMi  9XZWJGaWxlcw8vcGYvMTIvV2ViRmlsZXMPL3BmLzEyL1dlYkZpbGVzDy9wZi8xMi9XZWJGaWxlcw8vcGYvMTIvV2  ViRmlsZXMr2EE!1aMzy4MQMr8PMdrNbxAuMGfEHw4r1icMVlJO9hg!2!2&Tab=Style&Tag=A&Theme=Office20  03_BlueTheme'%20onmouseover%3dprompt(919401)%20bad%3d' HTTP/1.1  Connection: Keep-alive  Accept-Encoding: gzip,deflate  User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)  Acunetix-Product: WVS/8.0 (Acunetix Web Vulnerability Scanner - NORMAL)  Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED

    Accept: */*
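As an added illustration (not CuteEditor's code; the `<link>` markup is only an assumed stand-in for wherever tag.aspx reflects `Theme`), the reflection pattern the scanner is flagging beside a hardened version, in C#:

```csharp
using System;
using System.Text.RegularExpressions;
using System.Web; // HttpUtility lives in System.Web.dll (assumed referenced)

// Added example, not CuteEditor's source. Models a Theme query-string value
// reflected into a single-quoted attribute, and a fix for that context.
static class ThemeReflection
{
    // Theme names are simple identifiers; anything else never reaches markup.
    static readonly Regex ThemeName = new Regex(@"^[A-Za-z0-9_]{1,64}$");
    const string DefaultTheme = "Office2003_BlueTheme"; // assumed fallback name

    // Vulnerable shape: the raw query value is concatenated into the attribute,
    // so a value containing a single quote closes the attribute early.
    public static string RenderUnsafe(string theme)
    {
        return "<link rel='stylesheet' href='Themes/" + theme + "/style.css' />";
    }

    // Hardened shape: allowlist the value (primary control), then
    // attribute-encode what is written out (defence in depth).
    public static string RenderSafe(string theme)
    {
        if (theme == null || !ThemeName.IsMatch(theme))
            theme = DefaultTheme;
        string encoded = HttpUtility.HtmlAttributeEncode(theme);
        return "<link rel='stylesheet' href='Themes/" + encoded + "/style.css' />";
    }

    static void Main()
    {
        // Constructed from the scanner payload quoted in the report above.
        string payload = "Office2003_BlueTheme' onmouseover=prompt(919401) bad='";
        Console.WriteLine(RenderUnsafe(payload)); // onmouseover becomes a live attribute
        Console.WriteLine(RenderSafe(payload));   // payload rejected, default theme used
        Console.WriteLine(RenderSafe("Office2003_BlueTheme")); // legitimate value passes
    }
}
```

Because the attribute is single-quoted, the allowlist is what actually closes this case; check which characters your framework version's `HtmlAttributeEncode` escapes before relying on encoding alone.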
