vulnerable to script injection
-
My hosting provider is saying that two forms in my site ate vulnerable to script injection, do you have an upgrade or patch?
error is as follows:
Using the POST HTTP method, Site Scanner found that :
+ The following resources may be vulnerable to script injection :
+ The ‘item_meta[195]’ parameter of the /boarding-reservation/ CGI :
/boarding-reservation/ [item_meta[195]=msgbox(“foo”);window.alert(‘bar’)
;]
——– output ——–
<span class=”frm_required”></span>
</label>
<textarea name=”item_meta[195]” id=”field_aaftzj” rows=”5″ >msgbox(“foo”
);window.alert(‘bar’);</textarea>
————————
+ The ‘item_meta[486]’ parameter of the /club-barks-job-application/ CGI :
/club-barks-job-application/ [item_meta[486]=msgbox(“foo”);window.alert(
‘bar’);]
——– output ——–
<label class=”frm_primary_label”>Please list 3 references – name a […]
</label>
<textarea name=”item_meta[486]” id=”field_r4bpvz” cols=”22″ class=” aut
o_width”>msgbox(“foo”);window.alert(‘bar’);</textarea>
————————
Other references : CWE:79, CWE:80, CWE:81, CWE:83, CWE:20, CWE:74, CWE:442, CWE:712, CWE:722, CWE:725, CWE:811, CWE:751, CWE:801, CWE:116, CWE:692, CWE:86
- The topic ‘vulnerable to script injection’ is closed to new replies.
