My site scanner says that my site is vulnerable to XSS attacks – this is the message I get:
Using the POST HTTP method, Site Scanner found that :
+ The following resources may be vulnerable to cross-site scripting (quick test) :
+ The ‘avia_e-mail’ parameter of the /contact-us/ CGI :
[…] “avia_e-mail” value=”–><script>alert(112)</script>”/><label for=”avia_e […]
Every time the site scanner does a scan I get a WHOLE BUNCH of blank contact form emails.
What version of Replete do you have installed?
Since I have not had any reports lately, and a security expert also checked the site for XSS vectors some time ago, I would say that this is a false alarm. Trying to enter any form of script tag to produce an XSS output didn't work for me yet; I am going to do a few more tests though, just to make sure ;)
OK... there must be a vulnerability though, because of all the blank contact emails I get, despite there being a captcha or the agree to T&C box checked…
The topic ‘Vulnerable to Cross site scripting’ is closed to new replies.
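One way to triage the scanner finding quoted in this thread, as an added example that is not part of the thread or the theme's code: parse the response and report whether the scanner's probe ended up as attribute data or as an actual script element. The three sample responses are constructed for illustration, and `ReflectionAuditor` and `triage` are hypothetical names.

```python
from html.parser import HTMLParser

PROBE = "--><script>alert(112)</script>"   # the scanner's probe, as quoted in its report
MARKER = "alert(112)"                      # what a script element would contain if it fired


class ReflectionAuditor(HTMLParser):
    """Tokenize a response and record where the probe landed.

    html.parser approximates browser tokenization; confirm borderline
    results in a real browser.
    """

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.in_script = False
        self.probe_in_script = False   # probe text became the body of a <script>
        self.attr_reflections = []     # (tag, attribute) pairs holding the probe as data

    def handle_starttag(self, tag, attrs):
        self.in_script = (tag == "script")
        for name, value in attrs:
            # Attribute values arrive entity-decoded, so raw and escaped
            # reflections inside a quoted attribute look the same here.
            if value and PROBE in value:
                self.attr_reflections.append((tag, name))

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if self.in_script and MARKER in data:
            self.probe_in_script = True


def triage(response_html):
    auditor = ReflectionAuditor()
    auditor.feed(response_html)
    auditor.close()
    if auditor.probe_in_script:
        return "script-element"    # probe broke into markup: real finding
    if auditor.attr_reflections:
        return "attribute-data"    # probe stayed inside a quoted attribute
    return "not-reflected"


# Constructed responses (not captured from the site in the thread).
QUOTED_RAW = '<input name="avia_e-mail" value="--><script>alert(112)</script>"/>'
ESCAPED = '<input name="avia_e-mail" value="--&gt;&lt;script&gt;alert(112)&lt;/script&gt;"/>'
BODY_RAW = '<p>You entered: --><script>alert(112)</script></p>'
```

A reflection shaped like the scanner's excerpt contains no quote character, so it stays inside the double-quoted `value` attribute; the same string echoed into element content becomes a script element.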