Broadscope theme vulnerable to Cross-site scripting attacks? « Support Forum | Kriesi.at

Broadscope theme vulnerable to Cross-site scripting attacks?

4 posts from 4 voices

Tags:

greensleeves32
Member

I recently got this message from a stranger via my contact form on my website (www.dancinshoesdj.com). Is there anything to it?

I'm a Finnish security researcher. This site is vulnerable to reflected Cross-site Scripting attacks. Please see my web-site - latest blog entry - about the issue that affects multiple themes by Kriesi.

I would have posted this information to Kriesi\'s support forum, but I\'m not their customer and therefore cannot login. I feel I must now contact some vulnerable sites, because you have the possibility to ask for corrections from the developer.

Kind Regards,
Janne Ahlberg
http://jannefi.blogspot.fi/

Posted 6 months ago #
Mya

Hi greensleeves,

I believe Kriesi is already aware of the issues Janne presents but just in case I'm tagging Kriesi as well as the rest of the support team to this thread.

Regards,
Mya

Posted 6 months ago #
Dude
Dude

Hi!

See: http://www.kriesi.at/support/topic/xss

Best regards,
Peter

Posted 6 months ago #
Kriesi
Key Master

Hi!

I am aware and the updates are already in the pipeline, once they are approved from themeforest you will be able to download them ;)

Regards,
Kriesi

Posted 6 months ago #

This topic has been closed to new replies.