Wordpress Themes - WP Forum at BFA

Wordpress Themes - WP Forum at BFA (http://forum.bytesforall.com/index.php)
-   Atahualpa 3 Wordpress theme (http://forum.bytesforall.com/forumdisplay.php?f=2)
-   -   Sitelock issue (http://forum.bytesforall.com/showthread.php?t=24028)

rickpoet Jul 14, 2018 12:30 PM

Sitelock issue
 
Howdy,

I use Sitelock on one of the servers where I have a few Atahualpa installations. Just this week they started alerting me with a security message which seems connected to Atahualpa code. Not sure if it's legit or if they're just trying to get me to upgrade. :/

But here's what they're saying:

Severity: Medium

Category: xss

Summary: Atahualpa Theme - Authenticated Cross-Site Scripting (XSS)

Description: Providing any of the following fields with string such as: "><script>alert(1);</script> results in the script element getting appended after the respective input element when the request returns from the server: "comment_feed_link", "home_cat_menu_bar", "email_subscribe_link", "home_single_next_prev", "email_subscribe_link_title", "feedburner_email_id", "excerpt_length", "page_menu_bar_link_color", "cat_menu_bar_background_color_parent", "cat_menu_bar_link_color", "left_col_pages_exclude", "widget_lists link-hover-color", "left_col2_cats_exclude" The solution to this issue is to encode as html all the user-provided parameters before they are returned to the browser.


All times are GMT -6. The time now is 12:50 PM.

Powered by vBulletin® Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.