Datafeedr Support Forums


stevenlalwani January 21st, 2015 05:43 AM

CSRF
 
Health.humongousmall.com

I have Sitelock on Humongousmall.com.

I received the following vulnerability warning on one of the sub domains:

URL:http://health.humongousmall.com/store/search/?=Find it!&price=1&tags=1&word=1
Cross site scripting vulnerability found in args:,price,tags,word

URL:http://health.humongousmall.com/store/search/?=Find it!&brand=1&price=1&tags=1&word=1
Cross site scripting vulnerability found in args:,brand,price,tags,word

URL:http://health.humongousmall.com/stor...&tags=1&word=1
Cross site scripting vulnerability found in args:,brand,price,tags,word

URL:http://health.humongousmall.com/stor...&tags=1&word=1
Cross site scripting vulnerability found in args:,brand,price,tags,word

URL:http://health.humongousmall.com/stor...&tags=1&word=1
Cross site scripting vulnerability found in args:,brand,price,tags,word

URL:http://health.humongousmall.com/stor...&tags=1&word=1
Cross site scripting vulnerability found in args:,brand,price,tags,word

URL:http://health.humongousmall.com/stor...&tags=1&word=1
Cross site scripting vulnerability found in args:brand,price,tags,word

URL:http://health.humongousmall.com/stor...&tags=1&word=1
Cross site scripting vulnerability found in args:brand,price,tags,word

URL:http://health.humongousmall.com/stor...&tags=1&word=1
Cross site scripting vulnerability found in args:brand,price,tags,word

URL:http://health.humongousmall.com/stor...&tags=1&word=1
Cross site scripting vulnerability found in args:brand,price,tags,word

URL:http://health.humongousmall.com/stor...&tags=1&word=1
Cross site scripting vulnerability found in args:price,tags,word

URL:http://health.humongousmall.com/stor...&tags=1&word=1
Cross site scripting vulnerability found in args:price,tags,word

URL:http://health.humongousmall.com/stor...&tags=1&word=1
Cross site scripting vulnerability found in args:price,tags,word

URL:http://health.humongousmall.com/stor...&tags=1&word=1
Cross site scripting vulnerability found in args:price,tags,word


How do I fix this?

Eric January 21st, 2015 08:57 AM

Hi

You should ask Sitelock how to go about fixing those. They are the ones that will know why those URLs are triggering XSS vulnerability messages.

Eric

stevenlalwani January 23rd, 2015 10:14 PM

Is the Datafeedr plugin protected against CSRF, malware injection,
especially the Search bars?

Eric January 24th, 2015 10:35 AM

Yes.

