23 Replies Latest reply on Aug 11, 2017 12:30 PM by Erin Van Leer

    Security : Server side validation / SQL injection / XSS

      Hi,
           
           Our security scan on a Marketo form is now revealing that the Marketo form accepts invalid inputs such as HTML code, etc.
      For example, <script>Alert(‘Hacked’);

      This flaw may cause several security issues, such as SQL Injection, Cross site scripting (XSS), etc.

      I did a lot of research on the Marketo community and found no articles talking about how Marketo handles such invalid inputs/SQL injection/XSS on a Marketo form.

      Does Marketo have server side validation or any security mechanisms to validate invalid inputs and mitigate risks such as SQL injection, Cross site scripting (XSS), etc.? Any suggestion to overcome this security flaw is appreciated.
           
           Thank you in advance for all comments.
           Regards,
           Taworn D.