WordPress.org

Visual Form Builder
Godaddy Site Scanner Warnings (1 post)

  1. slappman
    Member
    Posted 1 year ago #

    The site we use Visual Form Builder Pro on happens to be hosted by Godaddy and their site scanner keeps reporting a warning that has to do with the pages we have forms on. Any ideas as to how we can address what this site scanner is complaining about would be appreciated. Thanks in advance.

    Warning Message:
    Your website contains pages that do not properly sanitize visitor‑provided input to make sure
    it contains no malicious content or scripts. Cross‑site scripting vulnerabilities let
    malicious users execute arbitrary HTML or script code in another visitor's browser.

    Partial Output of the Warning:
    Using the GET HTTP method, Site Scanner found that :
    + The following resources may be vulnerable to cross-site scripting (quick test) :
    + The 'vfb-spam' parameter of the /insurance/auto/ CGI :
    /insurance/auto/?vfb-spam=--><script>alert(112)</script>
    -------- output --------
    <input type="submit" name="visual-form-builder-submit" id="sendmai [...]

    </fieldset><input type="hidden" name="vfb_referral_url" value="http://in
    surancemadeeasy.com/insurance/auto/?vfb-spam=--><script>alert(112)</scri
    pt>"></form></div> <!-- .visual-form-builder-container -->
    </div><!-- .entry-content --> <footer class="entry-meta"> [...]
    ------------------------
    + The 'D' parameter of the /insurance/professional/ CGI :
    /insurance/professional/?D=--><script>alert(112)</script>
    -------- output --------
    <input type="submit" name="visual-form-builder-submit" id="sendmai [...]

    </fieldset><input type="hidden" name="vfb_referral_url" value="http://in
    surancemadeeasy.com/insurance/professional/?D=--><script>alert(112)</scr
    ipt>"></form></div> <!-- .visual-form-builder-container -->
    </div><!-- .entry-content --> <footer class="entry-meta"> [...]

    http://wordpress.org/extend/plugins/visual-form-builder/
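
The scanner output above shows the request URL echoed into the `value` attribute of the `vfb_referral_url` hidden field with `<script>` still literal. The following is an added example, not part of the original post and not Visual Form Builder's own code: it renders that field without and with encoding for the HTML attribute context and repeats the scanner's reflection check on each result. The function names are hypothetical, and the sample URL is constructed from the report.

```php
<?php
// Added example; not the plugin's code. Function names are hypothetical.

// Constructed sample: the request URL taken from the scanner report.
$referral = 'http://insurancemadeeasy.com/insurance/auto/?vfb-spam=--><script>alert(112)</script>';
$probe    = '<script>alert(112)</script>';

// Pattern the report points at: the URL is written into the attribute verbatim.
function render_referral_raw(string $url): string
{
    return '<input type="hidden" name="vfb_referral_url" value="' . $url . '">';
}

// Hardened form: encode for the HTML attribute context. ENT_QUOTES also
// encodes " and ', the characters that would otherwise end the attribute value.
function render_referral_encoded(string $url): string
{
    $safe = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="vfb_referral_url" value="' . $safe . '">';
}

// Same idea as the scanner's quick test: is the probe still present literally?
function reflects_probe(string $html, string $probe): bool
{
    return strpos($html, $probe) !== false;
}

$fields = [
    'raw'     => render_referral_raw($referral),
    'encoded' => render_referral_encoded($referral),
];

foreach ($fields as $label => $html) {
    printf("%-8s reflected=%s\n  %s\n", $label, reflects_probe($html, $probe) ? 'yes' : 'no', $html);
}
```

Inside WordPress, the core helper `esc_attr()` performs this encoding for attribute values.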

This topic has been closed to new replies.