Hi, I have a website maintained only by PHPMaker but when I did penetration test, I got "Cross-site Scripting" high vulnerability
Attack Details
URI was set to 1<ScRiPt>2Zpq(9578)</ScRiPt>
The input is reflected inside a text element.
HTTP Response
<!-- Main content -->
<section class="content">
<div class="container-fluid">
<div class="error-page">
<h2 class="headline text-warning">404</h2>
<div class="error-content">
<h3><i class="fa-solid fa-triangle-exclamation text-warning"></i> Not Found</h3>
<p>Route '"1<ScRiPt>2Zpq(9578)</ScRiPt>' not found.</p>
</div>
<!-- /.error-content -->
</div>
<!-- /.error-page -->
How can I fix it?