PCI Compliance Scan Fix (Cross-Site Scripting (XSS) Vulnerability) -- 2

Hello, I need help with fixing three items from a failed PCI Compliance Scan. All three items are concerned with "Reflected Cross-Site Scripting (XSS) Vulnerability". Here´s an extract from the PCI Compliance Report from Trustwave: ######################## Port: tcp/80 A reflected cross-site scripting vulnerability was identified in this web application. Reflected cross-site scripting is when HTML or Javascript content is supplied to a user defined parameter to have it then displayed (aka: reflected) back to the user and rendered or interpreted by their browser. This web site responded to a harmless web request that included Javascript/HTML which was reflected back, indicating that the underlying web application may be vulnerable to being used in a cross-site scripting (XSS) attack. While this vulnerability does not exploit the web server itself, it can be utilized by an attacker to target end-users and potentially take over their sessions or other sensitive information. A simple proof of concept example of this would be for a user to supply "<script>alert('123')</script>" to a user defined parameter and then upon submission, a message box would pop- up for the user because the user defined content was used to modify the content of the responding page. Cross-site scripting can be found in many different forms and combinations so the full request and response that was used demonstrate this vulnerability has been provided below as evidence. All Cross-Site Scripting vulnerabilities are considered non- compliant by PCI. CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N Service: http ######################## For the right developer this shouldnt take too much time. But please, only bid if you can proceed. I will be able to provide more details, and the full report upon accepting an offer. Let me know if you have any questions prior to bidding.