Datafeedr Support Forums  

  #1  
Old January 21st, 2015, 05:43 AM
stevenlalwani
 
Join Date: Nov 2014
Posts: 58
CSRF

Health.humongousmall.com

I have Sitelock on Humongousmall.com.

I received the following vulnerability warning on one of the sub domains:

URL:http://health.humongousmall.com/store/search/?=Find it!&price=1&tags=1&word=1
Cross site scripting vulnerability found in args:,price,tags,word

URL:http://health.humongousmall.com/store/search/?=Find it!&brand=1&price=1&tags=1&word=1
Cross site scripting vulnerability found in args:,brand,price,tags,word

URL:http://health.humongousmall.com/stor...&tags=1&word=1
Cross site scripting vulnerability found in args:,brand,price,tags,word

URL:http://health.humongousmall.com/stor...&tags=1&word=1
Cross site scripting vulnerability found in args:,brand,price,tags,word

URL:http://health.humongousmall.com/stor...&tags=1&word=1
Cross site scripting vulnerability found in args:,brand,price,tags,word

URL:http://health.humongousmall.com/stor...&tags=1&word=1
Cross site scripting vulnerability found in args:,brand,price,tags,word

URL:http://health.humongousmall.com/stor...&tags=1&word=1
Cross site scripting vulnerability found in args:brand,price,tags,word

URL:http://health.humongousmall.com/stor...&tags=1&word=1
Cross site scripting vulnerability found in args:brand,price,tags,word

URL:http://health.humongousmall.com/stor...&tags=1&word=1
Cross site scripting vulnerability found in args:brand,price,tags,word

URL:http://health.humongousmall.com/stor...&tags=1&word=1
Cross site scripting vulnerability found in args:brand,price,tags,word

URL:http://health.humongousmall.com/stor...&tags=1&word=1
Cross site scripting vulnerability found in args:price,tags,word

URL:http://health.humongousmall.com/stor...&tags=1&word=1
Cross site scripting vulnerability found in args:price,tags,word

URL:http://health.humongousmall.com/stor...&tags=1&word=1
Cross site scripting vulnerability found in args:price,tags,word

URL:http://health.humongousmall.com/stor...&tags=1&word=1
Cross site scripting vulnerability found in args:price,tags,word


How do I fix this?
  #2  
Old January 21st, 2015, 08:57 AM
Eric
Datafeedr Team
 
Join Date: Feb 2008
Posts: 16,902

Hi

You should ask Sitelock how to go about fixing those. They are the ones that will know why those URLs are triggering XSS vulnerability messages.

Eric
  #3  
Old January 23rd, 2015, 10:14 PM
stevenlalwani
 
Join Date: Nov 2014
Posts: 58

Is the Datafeedr plugin protected against CSRF, malware injection, especially the Search bars?
  #4  
Old January 24th, 2015, 10:35 AM
Eric
Datafeedr Team
 
Join Date: Feb 2008
Posts: 16,902

Yes.
 

