Cross Site Scripting (XSS)

    Cross Site Scripting (XSS)

    We've just upgraded to V9.0.1 which we uploaded on Thursday/Friday. Scanalert crawled the site on Saturday and failed us (again) for Cross Site Scripting vulnerabilities.

    This has been with us since V7 and was promised to be fixed once and for all in V9.0.1. Just a warning to everyone else who has this issue.
    John Sollars
    MD at Stinkyink.Com
    Ph 01746 781020
    Fx 01746 781698
    Em John (at) Stinkyink dot Com

    #2
    Hi John,

    I'm surprised there is still a Scanalert warning with the scripts. As far as I'm aware we have closed down several doors in 9.0.1. And not only the reported ones, but the scripts were reviewed for any possible leaks.
    Anyway, can you drop me a private message about the vulnerability discovered and I'll get it investigated as a priority.
    Zoltan
    Actinic Software
    www.actinic.co.uk



      #3
      False Alarm

      My apologies to Zoltan and the Actinic Crew!

      The initial vulnerability was still with V9.0.0. It was only when we tried applying the scripts in V9.0.1 yesterday that we realised they were already included. Scanalert has just done another scan and we passed fine.

      Once again my apologies
      John Sollars
      MD at Stinkyink.Com
      Ph 01746 781020
      Fx 01746 781698
      Em John (at) Stinkyink dot Com



        #4
        Hi John,

        Thanks for the update on this. I'm glad the new files passed Scanalert.

        No problem at all. It's better to have a few false alarms than a missed one.
        Zoltan
        Actinic Software
        www.actinic.co.uk
