The following information was obtained from the different cyber security sources for notification to all parties concerned pursuant to the mandate of the Philippine National Police Anti-Cybercrime Group (PNP ACG).
The information provided was classified as Restricted pursuant to the PNP Regulation 200-012 on Document Security and Impact Rating as high based on PNP Information Communication Technology (ICT) Security Manual s.2010-01 p. 22 and p.129.
Cross-site scripting (xss) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy. Their effect may range from a petty nuisance to a significant security risk, depending on the sensitivity of the data handled by the vulnerable site and the nature of any security mitigation implemented by the site’s owner.1
PNP personnel and the public are advised to follow the best practices listed below to prevent cross-site scripting vulnerability:
• Never insert untrusted data except in allowed locations.
• Always sanitize all user input.
• Ensure that systems are audited prior to launching in the Internet. Security measures should be in place.
• Conduct system vulnerability testing before making it available on the Internet.
For additional information, please refer to the following websites:
POINT OF CONTACT