Script tags in log entry source

  • Resolved Sean Thompson

    (@seanthompson)


    5 years ago

    Hi @te_taipo

    Had an odd thing happen when navigating to settings page in Chrome (Iridium). Got a popup that says xss. It was caused by alert(“xss”) enclosed in script tags in the source code of one of the log entries. I have screen shots. Don’t see a way to add them here though.

    …Sean

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author te_taipo

    (@te_taipo)

    Thanks Sean. You can find my email in the plugin settings if you want to email the screen shots to me.

    Thread Starter Sean Thompson

    (@seanthompson)

    Thanks for your quick reply. I sent the screenshots to your email.

    Plugin Author te_taipo

    (@te_taipo)

    Thanks again. Having made sure you have the latest version of Pareto Security, can you check again please to see if that pop-up occurs.

    Thread Starter Sean Thompson

    (@seanthompson)

    I had to update manually because the available update doesn’t show in admin. Not sure if this is because this is listed as incompatible with ClassicPress in the repository.

    I’ll give it some time before I update my other sites. Maybe it’s just a delay, and the update will eventually show in the admin.

    When I deactivated, uploaded the new files, and reactivated it erased the entire log and reset the settings. Being the entry that caused the pop up isn’t there anymore, I can’t give you a definitive answer. I’ll just have to wait and see if it happens again.

    Thanks for the great support.

    …Sean

    Plugin Author te_taipo

    (@te_taipo)

    Thanks for that Sean. That makes sense. Let me know if it occurs again and many thanks again for your attention to this issue.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Script tags in log entry source’ is closed to new replies.

Tags