||Thread Tools||Display Modes|
Allure theme security problem- help needed
I have been using the Allure theme for a while now. I have recently put a security site scanner in place to scan my website for security issues. It found issues with the Allure theme. I have added the information below. Please if you would advise on what to do to correct this situation.
Question Dispute Resolve Port: http (80/tcp)
Not yet addressed
The remote web server is prone to cross-site scripting attacks.
The remote web server hosts cgi scripts that fail to adequately sanitize
an attacker may be able to cause arbitrary HTML and script code
to be executed in a user's browser within the security context of the
These XSS are likely to be 'non persistent' or 'reflected'.
http://en.wikipedia.org/wiki/Cross_s...Non-persistent http://jeremiahgrossman.blogspot.com...-pointing.html http://projects.webappsec.org/Cross-Site+Scripting
Medium / CVSS Base Score : 4.3(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
Solution:Restrict access to the vulnerable application. Contact the vendor
for a patch or upgrade.
Using the GET HTTP method, Site Scanner found that :
+ The following resources may be vulnerable to cross-site scripting (quick test) :
-------- output --------
file not found <script>alert(42);</script>
|Thread||Thread Starter||Forum||Replies||Last Post|
|WP Security Problem: MySQL Injection Schema, Dataext, and fuzzer||adi||General Discussion||4||08-17-2010 04:29 PM|
|Allure down menus problem with Safari||yogamoo||General Discussion||4||05-22-2010 06:20 PM|
|Google Analytics Problem in Allure||LindsyOrr||General Discussion||6||02-10-2010 05:57 AM|
|Streamline Theme - Possible Security Issue?||lfaber||General Discussion||3||08-17-2009 11:29 AM|