Wordpress Themes - WP Forum at BFA
Click here to register or to donate.
Auto self-registration is not available here - far too many spammers. This forum has many, many backlinks and because of that there is an intense desire among spammers to drop their links here.

Wordpress Themes - WP Forum at BFA » WordPress Themes » Atahualpa 3 Wordpress theme »

Sitelock issue

Old Jul 14, 2018, 11:30 AM
80 posts · Jan 2010

I use Sitelock on one of the servers where I have a few Atahualpa installations. Just this week they started alerting me with a security message which seems connected to Atahualpa code. Not sure if it's legit or if they're just trying to get me to upgrade. :/

But here's what they're saying:

Severity: Medium

Category: xss

Summary: Atahualpa Theme - Authenticated Cross-Site Scripting (XSS)

Description: Providing any of the following fields with string such as: "><script>alert(1);</script> results in the script element getting appended after the respective input element when the request returns from the server: "comment_feed_link", "home_cat_menu_bar", "email_subscribe_link", "home_single_next_prev", "email_subscribe_link_title", "feedburner_email_id", "excerpt_length", "page_menu_bar_link_color", "cat_menu_bar_background_color_parent", "cat_menu_bar_link_color", "left_col_pages_exclude", "widget_lists link-hover-color", "left_col2_cats_exclude" The solution to this issue is to encode as html all the user-provided parameters before they are returned to the browser.


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
Thread Thread Starter Forum Replies Last Post
Could someone please help me with a URL issue? philip2001 New Versions, & Updating 1 Jun 5, 2012 08:16 AM
Odd CSS issue Sven Atahualpa 3 Wordpress theme 7 Nov 10, 2011 06:28 AM
[SOLVED] Can't edit posts - edits vanish - Virus? Theme Issue? WP Issue? jfrenaye Atahualpa 3 Wordpress theme 1 Aug 4, 2009 07:14 AM

All times are GMT -6. The time now is 11:49 AM.

Powered by vBulletin® Copyright ©2000 - 2021, Jelsoft Enterprises Ltd.