Support Forum - Topic: Cross-scripting issue with Submit News function?

Support Forum - Topic: Cross-scripting issue with Submit News function? http://www.kriesi.at/support/topic/cross-scripting-issue-with-submit-news-function Support Forum - Topic: Cross-scripting issue with Submit News function? en-US Tue, 21 May 2013 04:55:22 +0000 http://bbpress.org/?v=1.0.2 <![CDATA[Search]]> q http://www.kriesi.at/support/search.php Dude on "Cross-scripting issue with Submit News function?" http://www.kriesi.at/support/topic/cross-scripting-issue-with-submit-news-function#post-32951 Thu, 24 Nov 2011 07:22:40 +0000 Dude 32951@http://www.kriesi.at/support/ Hey, I don't think this applies to our template because the user input is converted/treated as text variables only and the server won't execute it. It just sends the text content to your mail client with the php mail() function. Basically the user can enter anything he like but unless the code isn't executed nothing will happen. You just get a wired mail.... crsbrgs on "Cross-scripting issue with Submit News function?" http://www.kriesi.at/support/topic/cross-scripting-issue-with-submit-news-function#post-32889 Wed, 23 Nov 2011 17:51:32 +0000 crsbrgs 32889@http://www.kriesi.at/support/ Hi, I am using the security scan from websiteprotection.com and they issued a warning "Your Web server is vulnerable to cross-site scripting attacks." Is there a patch for that? "Description: Your website contains pages that do not properly sanitize visitor-provided input to make sure it contains no malicious content or scripts. Cross-site scripting vulnerabilities let malicious users execute arbitrary HTML or script code in another visitor' s browser. See Also: <a href="http://en.wikipedia.org/wiki/Cross_site_scripting#Non-persistent" rel="nofollow">http://en.wikipedia.org/wiki/Cross_site_scripting#Non-persistent</a> <a href="http://jeremiahgrossman.blogspot.com/2009/06/results-unicode-leftright-pointing.html" rel="nofollow">http://jeremiahgrossman.blogspot.com/2009/06/results-unicode-leftright-pointing.html</a> <a href="http://projects.webappsec.org/Cross-Site+Scriptin" rel="nofollow">http://projects.webappsec.org/Cross-Site+Scriptin</a> <a href="http://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#Escaping_.28aka_Output_Encoding.29" rel="nofollow">http://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#Escaping_.28aka_Output_Encoding.29</a> Risk Factor: Medium / CVSS Base Score : 4.3(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N) Solution: Restrict access to the vulnerable application. Contact the vendor for a patch or upgrade. Output: Using the POST HTTP method, Site Scanner found that : + The following resources may be vulnerable to cross-site scripting (comprehensive test) : + The 'website' parameter of the /wp-content/themes/newscast/submit_news.php CGI : /wp-content/themes/newscast/submit_news.php [website=<<<<<<<<<<foobar204 >>>>>&imageURL=&myblogname=The Technocon News Submission&height=580&widt h=420&iframe=true&Subject=&message=&email=&yourname=&Send=Send&myemail=s (addressdeleted)@live.com] -------- output -------- <label for="email">E-Mail*</label><input name="e [...] <label for="website">Full Story Link*</label><input name="website" cl ass="text_input is_empty" type="text" id="website" size="20" value="<<<< <<<<<<foobar204>>>>>"/> <label for="imageURL">Preview Image URL</label><input name="ima [...] ------------------------ Other references : CWE:79, CWE:80, CWE:81, CWE:83, CWE:20, CWE:74, CWE:442, CWE:712, CWE:722, CWE:725, CWE:811, CWE:751, CWE:801, CWE:116, CWE:692, CWE:87, CWE:85, CWE:86, CWE:84