
sitelock xss vulnerability

Posted: 24 Mar 2014, 16:31
by apsnemsf
Hello,
I have received the following from a SiteLock scan of my site:

URL:http://www.adventureparagliding.com/ind ... ed20cbd373feb8d=1
Cross site scripting vulnerability found in args:0a642c3915808c407ed20cbd373feb8d,controller
URL:http://www.adventureparagliding.com/ind ... ed20cbd373feb8d=1&586bb09e58848feaa9b484e3a1ddf34d=1
Cross site scripting vulnerability found in args:0a642c3915808c407ed20cbd373feb8d,586bb09e58848feaa9b484e3a1ddf34d,controller
URL:http://www.adventureparagliding.com/ind ... 9b484e3a1ddf34d=1
Cross site scripting vulnerability found in args:586bb09e58848feaa9b484e3a1ddf34d,controller
I have the most updated version of Phoca Gallery and am not sure why I am getting this problem. Please advise.

Re: sitelock xss vulnerability

Posted: 25 Mar 2014, 22:57
by Jan
Hi, which version of Phoca Gallery are you using? Testing now, I cannot confirm any issue with the links.

Re: sitelock xss vulnerability

Posted: 26 Mar 2014, 03:12
by apsnemsf
Version 3.2.7

SiteLock says the above-referenced files, as well as several others of the same origination, are XSS vulnerable, and they have removed my badge from my page.

Re: sitelock xss vulnerability

Posted: 28 Mar 2014, 17:49
by Jan
Hi, testing now again and I see nothing vulnerable in the code above.

Jan