Datafeedr Support Forums  

Go Back   Datafeedr Support Forums > Current Version (V3) Forum > Problems
Reload this Page CSRF
Home Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

Important - The support forums are now in "read-only" mode as we transition to an alternative help desk solution. Feel free to contact us here with any of your questions or search the forums for an existing solution.
 
 
Thread Tools Search this Thread Display Modes
  #1  
Old January 21st, 2015, 05:43 AM
stevenlalwani stevenlalwani is offline
 
Join Date: Nov 2014
Posts: 58
Default CSRF
Health.humongousmall.com

I have Sitelock on Humongousmall.com.

I received the following vulnerability warning on one of the sub domains:

URL:http://health.humongousmall.com/store/search/?=Find it!&price=1&tags=1&word=1
Cross site scripting vulnerability found in args:,price,tags,word

URL:http://health.humongousmall.com/store/search/?=Find it!&brand=1&price=1&tags=1&word=1
Cross site scripting vulnerability found in args:,brand,price,tags,word

URL:http://health.humongousmall.com/stor...&tags=1&word=1
Cross site scripting vulnerability found in args:,brand,price,tags,word

URL:http://health.humongousmall.com/stor...&tags=1&word=1
Cross site scripting vulnerability found in args:,brand,price,tags,word

URL:http://health.humongousmall.com/stor...&tags=1&word=1
Cross site scripting vulnerability found in args:,brand,price,tags,word

URL:http://health.humongousmall.com/stor...&tags=1&word=1
Cross site scripting vulnerability found in args:,brand,price,tags,word

URL:http://health.humongousmall.com/stor...&tags=1&word=1
Cross site scripting vulnerability found in args:brand,price,tags,word

URL:http://health.humongousmall.com/stor...&tags=1&word=1
Cross site scripting vulnerability found in args:brand,price,tags,word

URL:http://health.humongousmall.com/stor...&tags=1&word=1
Cross site scripting vulnerability found in args:brand,price,tags,word

URL:http://health.humongousmall.com/stor...&tags=1&word=1
Cross site scripting vulnerability found in args:brand,price,tags,word

URL:http://health.humongousmall.com/stor...&tags=1&word=1
Cross site scripting vulnerability found in argsrice,tags,word

URL:http://health.humongousmall.com/stor...&tags=1&word=1
Cross site scripting vulnerability found in argsrice,tags,word

URL:http://health.humongousmall.com/stor...&tags=1&word=1
Cross site scripting vulnerability found in argsrice,tags,word

URL:http://health.humongousmall.com/stor...&tags=1&word=1
Cross site scripting vulnerability found in argsrice,tags,word


How do fix this?
  #2  
Old January 21st, 2015, 08:57 AM
Eric's Avatar
Eric Eric is offline
Datafeedr Team
  
Join Date: Feb 2008
Posts: 16,902
Default
Hi

You should ask Sitelock how to go about fixing those. They are the ones that will know why those URLs are triggering XSS vulnerability messages.

Eric
  #3  
Old January 23rd, 2015, 10:14 PM
stevenlalwani stevenlalwani is offline
 
Join Date: Nov 2014
Posts: 58
Default
Is the datafeeedr plugin protected against CSRF, malware injection,
especially the Search bars?
  #4  
Old January 24th, 2015, 10:35 AM
Eric's Avatar
Eric Eric is offline
Datafeedr Team
  
Join Date: Feb 2008
Posts: 16,902
Default
Yes.
 

« Previous Thread | Next Thread »

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -5. The time now is 05:07 PM.

Contact Us - Datafeedr Support Forums - Archive - Top

Powered by vBulletin® Version 3.6.8
Copyright ©2000 - 2021, Jelsoft Enterprises Ltd.