aspdaddy - 6:07 pm on Jun 13, 2011 (gmt 0)
Your company. Software and resources to test these vulnerabilities is freely available - the web if full of attack sinatures to type into forms and urls - you should have tested one of thier sites before using them.
I wouldnt spend too much on fixing it, SQL/XSS attacks evolve quickly & its an indication of potentially more worrying problems. I'd look to a new system/supplier as it will be cheaper in the long run