• We have our site and our zencart store set up on a GoDaddy account and as part of that, they provide free site scans. It’s important to our client that they have the GoDaddy verified Safe graphic up so their customers feel secure using the site and the online store.

    But GoDaddy has lately been giving us ‘warnings’ through their scans that “Your Web server is vulnerable to cross-site scripting attacks”. And it lists the zencart store directories as the place where they are finding the code.

    Their instructions for resolving the issue are to ‘contact the vendor’ (in this case, I presume ZenCart would be the ‘vendor’) and have them make a patch that fixes the vulnerability. Changing the code in ZenCart is beyond my purview as the site designer. Whom should I contact at ZenCart to address this?

    Here are the details of the warnings that GoDaddy shows through their site scan page:

    Using the POST HTTP method, Site Scanner found that :
    + The following resources may be vulnerable to cross-site scripting (comprehensive test) :
    + The ‘initials’ parameter of the /185-2/order-ammo/ CGI :
    /185-2/order-ammo/ [initials=%FF%FE%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%32%30%33%29%3C%2F%73%63%72%69%70%74%3E]
    ——– output ——–

    <input type="hidden" name="terms-and-conditions" value="true" />
    <input type="hidden" name="tou_referrer" value="" />
    Initials <input type="text" name="initials" size="4" value=" <script>alert(203)</script>" /></p>
    <p class="submit">
    <input id="agree" type="submit" value="I Agree" name="agree"/>

    ————————
    Other references : CWE:79, CWE:80, CWE:81, CWE:83, CWE:20, CWE:74, CWE:442, CWE:712, CWE:722, CWE:725, CWE:811, CWE:751, CWE:801, CWE:116, CWE:692, CWE:87, CWE:85, CWE:86, CWE:84

    It says we need to ‘contact the vendor’ and ask them to patch to resolve this. I’m presuming it’s WordPress that is ‘the vendor’ in this case since they do all the coding. We run the most current version of WordPress, so patching to the latest version is not the solution. Any advice/help is appreciated.
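    The scanner output above shows the classic reflected cross-site scripting pattern: whatever is submitted in the `initials` field is written back into the `value="..."` attribute of the form without escaping, so the URL-encoded payload in the report arrives in the page as a live `<script>` tag. The following PHP is an added illustration written for this thread; it is not code from the forum, from the Terms of Use plugin, or from WordPress. The function names, the plain-PHP rendering and the "letters only, at most four" validation rule are assumptions for the example; inside a WordPress plugin the attribute-context escaping call would be `esc_attr()`.

```php
<?php
// Added illustration, not code from the forum thread, the plugin, or WordPress core.

// The scanner's payload, decoded from the URL-encoded form shown in the report.
// It starts with the bytes FF FE, which are not valid UTF-8; that matters below.
$payload = rawurldecode(
    '%FF%FE%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%32%30%33%29%3C%2F%73%63%72%69%70%74%3E'
);

// Vulnerable pattern (hypothetical function): the submitted value is concatenated
// straight into an HTML attribute, which is what the scanner output demonstrates.
function render_initials_vulnerable(string $initials): string
{
    return 'Initials <input type="text" name="initials" size="4" value="'
        . $initials . '" />';
}

// Hardened pattern (hypothetical function): escape for the attribute context.
// ENT_QUOTES escapes both " and ' so the value cannot break out of the attribute;
// ENT_SUBSTITUTE replaces invalid UTF-8 (such as the leading FF FE bytes) with U+FFFD
// instead of making htmlspecialchars() return an empty string, which would silently
// blank the field and mask the problem. In a WordPress plugin use esc_attr() here.
function render_initials_safe(string $initials): string
{
    $escaped = htmlspecialchars($initials, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return 'Initials <input type="text" name="initials" size="4" value="'
        . $escaped . '" />';
}

// Defence in depth (assumed business rule): initials are one to four ASCII letters.
// Rejecting anything else on input means the escaping above is a second line, not the only one.
function initials_are_valid(string $initials): bool
{
    return preg_match('/^[A-Za-z]{1,4}$/', $initials) === 1;
}

// Simple self-check a site owner could run against a page: does the raw tag survive
// into the rendered HTML? This is the condition the site scanner is reporting on.
function reflects_unescaped(string $html): bool
{
    return stripos($html, '<script') !== false;
}

$vulnerable = render_initials_vulnerable($payload);
$safe       = render_initials_safe($payload);

var_dump(initials_are_valid($payload));      // bool(false): the payload would be rejected on input
var_dump(initials_are_valid('JD'));          // bool(true)
var_dump(reflects_unescaped($vulnerable));   // bool(true): the scanner's finding reproduced
var_dump(reflects_unescaped($safe));         // bool(false): now rendered as &lt;script&gt;
```

Run it with `php example.php`. The point for the thread is that the fix belongs to whichever component prints that `initials` input (the hidden `terms-and-conditions` and `tou_referrer` fields in the scan output are the clue to which one), and the fix is output escaping plus input validation in that component, not a change to WordPress core or to the hosting account.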

Viewing 7 replies - 1 through 7 (of 7 total)
  • That code is nothing to do with WordPress itself.

    Thread Starter Gungrinner

    (@gungrinner)

    Given that the site was made through WordPress with no custom coding that I know of (I am no coder, and would not presume to even try tinkering with the code), where else would the code originate from?

    And if WordPress has nothing to do with it, then what might be done to resolve GoDaddy’s insistence that the coding is the cause? I’d love to see it fixed, but I’m sure any fiddling I try with the code would only make things worse…

    where else would the code originate from?

    Are you using the default WordPress theme? If not, the theme may be an issue. What about plugins? Install any of them? They are not part of WordPress core either. You also said you were running ZenCart. That’s nothing to do with WordPress.

    Thread Starter Gungrinner

    (@gungrinner)

    Yep, got plug-ins and ZenCart installed.

    We’re using a default WordPress theme – one of THE most default ones there is, the twelve-eleven theme.

    If the plug-ins or ZenCart are the culprit, would they then be the ones to supply this ‘patch’ that GoDaddy claims we need to be warning-free of these potential cross-scripting attacks?

    The code posted above is definitely not from WordPress core or the Twenty Eleven theme, so you first need to determine if this is coming from one of your plugins or ZenCart and then follow through accordingly. All I can say is that the code seems to be related to a T&C agreement – if that helps at all.

    Thread Starter Gungrinner

    (@gungrinner)

    Alas, no – I’m no coder, so tracking down whatever character or combination of characters is causing the warnings is beyond my ken. The clients insisted that there be an age verification function to the site to prevent anyone under the age of 21 from using the online shopping cart.

    We have a plug-in called ‘Terms of Use’ installed to that end. Could this be the culprit? Should we inquire of them?

    Could this be the culprit? Should we inquire of them?

    Yes. And yes.

  • The topic ‘GoDaddy warnings of 'cross scripting attacks'’ is closed to new replies.