Possible XSS-Vulnerabilities
Hi,
has this possible Cross Site Scripting Vulnerability been fixed or is it a false positive?
->
https://xforce.iss.net/xforce/xfdb/78782

Plus I have found a possible XSS problem myself:
In https://SITE/wp-content/plugins/sociable/js/addtofavorites.js?ver=3.5
Location "var url = location.href;" and elem.setAttribute('href',url);
you use the HREF attribute without content-cleaning. Thus an attacker could inject their own code (e.g. JavaScript) which will find its way into the Location Header.

Kind regards
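
An added example, not part of the original post and not the plugin's code: one way to constrain a URL before it is written into an href attribute, as in the location.href / setAttribute('href', url) pattern quoted above. The helper names safeHref and setLinkHref and all sample inputs are assumptions constructed for illustration.

```javascript
// Added example (hypothetical helpers, not from the Sociable plugin).
// Only URLs that parse cleanly and use an allowed scheme reach the attribute.
const ALLOWED_PROTOCOLS = new Set(['http:', 'https:']);

// Returns the normalised URL string, or null if the input must not be used.
function safeHref(raw) {
  let parsed;
  try {
    // The WHATWG URL parser strips tabs/newlines and leading whitespace
    // before reading the scheme, so obfuscated schemes are seen as-is.
    parsed = new URL(String(raw));
  } catch (e) {
    return null; // relative or malformed input: reject rather than guess
  }
  if (!ALLOWED_PROTOCOLS.has(parsed.protocol)) {
    return null; // javascript:, data:, vbscript:, ... are refused
  }
  // .href is the serialised form: quotes and angle brackets in the
  // query string come back percent-encoded.
  return parsed.href;
}

// Writes the href only when the value passed validation.
// `elem` is anything with a DOM-style setAttribute(name, value).
function setLinkHref(elem, raw) {
  const href = safeHref(raw);
  if (href === null) {
    return false; // leave the element untouched
  }
  elem.setAttribute('href', href);
  return true;
}

// Constructed sample inputs for a quick stand-alone run.
for (const sample of [
  'https://example.test/post/1',
  'https://example.test/page?x="><script>',
  'java\nscript:alert(1)',
]) {
  console.log(JSON.stringify(sample), '->', safeHref(sample));
}
```

In the browser the call would be setLinkHref(elem, location.href); the same check applies to any value that ends up in a link target.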