
Cross-site scripting vulnerability

Updated: 2022-10-28 18:04:47


How to prevent the cross-site scripting security issue which was returned in the app scan as a high vulnerability.
See the scan result below:

Entity: Parameter:ctl00$ContentPlaceHolder1$TabContainer1$TabPanel3$txtSearches
Risk(s): It is possible to steal or manipulate customer session and cookies, which might be used to impersonate a legitimate user,
allowing the hacker to view or alter user records, and to perform transactions as that user
Fix: Filter out hazardous characters from user input

ctl00%24ContentPlaceHolder1%24TabContainer1%24TabPanel3%24txtSearches=1234"/>%uff1cscript%uff1ealert%uff081312%uff09%uff1c/script%uff1e

After getting the scan result I added regular expression validation to the txtSearches textbox to block non-alphanumeric inputs and rescanned the application, but it again returned the same vulnerability.
