The Events Calendar
XSS Vulnerability (1 post)

  1. Damian
    Member
    Posted 2 years ago #

    I recently scanned my site with the GoDaddy Site Scanner tool and it gave me some warnings I want to share. Is it safe to use the plugin?

    Description:
    Your website contains pages that do not properly sanitize visitor‑provided input to make sure it contains no malicious content or scripts. Cross‑site scripting vulnerabilities let malicious users execute arbitrary HTML or script code in another visitor's browser.

    Risk Factor:
    Medium / CVSS Base Score : 4.3(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

    Solution:
    Restrict access to the vulnerable application. Contact the vendor for a patch or upgrade.

    Output:
    Using the GET HTTP method, Site Scanner found that :
    + The following resources may be vulnerable to cross-site scripting (comprehensive test) :
    + The 'EventJumpToYear' parameter of the /events/category/conference CGI :
    /events/category/conference?EventJumpToYear=%FF%FE%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%32%30%33%29%3C%2F%73%63%72%69%70%74%3E&EventJumpToMonth=04
    -------- output --------

    <b>Warning</b>: mktime() expects parameter 6 to be long, string g [...]
    January <script>alert(203)</script>
    </span></p>
    <form action="http://xxxxx.com/events/category/conferen [...]
    ------------------------

    The report continues with more output, blah blah blah. I think this is not a high risk, but it would be great if someone could explain it to me.

    Regards

    http://wordpress.org/extend/plugins/the-events-calendar/

    [ Please do not bump, it's not permitted here. ]
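The finding quoted above, illustrated as an added example that is not code from The Events Calendar plugin or from the poster: the scan output shows the `EventJumpToYear` value echoed back verbatim after the month name, and the `mktime()` warning shows the same raw string also reached a date function. The hypothetical `render_heading_vulnerable()` below models that shape; `render_heading_hardened()` shows the defensive pattern (validate each parameter as an integer in a sane range before use, fall back to a safe default, escape on output). Function names, the heading format and the range limits are assumptions; in WordPress, `esc_html()` plays the role of `htmlspecialchars()` here.

```php
<?php
// Added example, not code from The Events Calendar. Models the pattern the
// scanner output suggests and a hardened replacement. All names are hypothetical.

// Vulnerable shape: the raw query-string value is placed into the heading
// without validation or escaping, so the reflected markup is rendered by the
// visitor's browser. In the scanned site the same raw value was also handed to
// mktime(), which is what produced the "expects parameter 6 to be long" warning.
function render_heading_vulnerable(array $get): string {
    $year  = $get['EventJumpToYear']  ?? date('Y');
    $month = $get['EventJumpToMonth'] ?? date('m');
    $ts = mktime(0, 0, 0, (int) $month, 1, 2000); // month name only; year kept raw
    return date('F', $ts) . ' ' . $year;           // reflected without escaping
}

// Accept only a short run of digits within [$min, $max]; otherwise null.
// (Deliberately not FILTER_VALIDATE_INT, which rejects the leading zero in "04".)
function int_in_range($value, int $min, int $max): ?int {
    if (!is_string($value) || !preg_match('/^\d{1,4}$/', $value)) {
        return null;
    }
    $n = (int) $value;
    return ($n >= $min && $n <= $max) ? $n : null;
}

// Hardened shape: validate first, substitute a safe default for anything that
// fails, only then call mktime(), and escape the final string on output.
function render_heading_hardened(array $get): string {
    $year  = int_in_range($get['EventJumpToYear']  ?? '', 1970, 2100) ?? (int) date('Y');
    $month = int_in_range($get['EventJumpToMonth'] ?? '', 1, 12)      ?? (int) date('m');
    $ts = mktime(0, 0, 0, $month, 1, $year); // both arguments are now real ints
    return htmlspecialchars(date('F', $ts) . ' ' . $year, ENT_QUOTES, 'UTF-8');
}

// Constructed request mirroring the scanner's probe, URL-decoded: a script tag
// (with the %FF%FE prefix) in the year parameter and month 04.
$probe = [
    'EventJumpToYear'  => "\xFF\xFE<script>alert(203)</script>",
    'EventJumpToMonth' => '04',
];

echo render_heading_vulnerable($probe), "\n"; // script tag echoed back into the page
echo render_heading_hardened($probe), "\n";   // "April <current year>", no markup reflected
```

Run with `php example.php`. The first line reproduces the reflection the scanner flagged; the second shows that, once the parameters are validated as integers and the output is escaped, a non-numeric year can neither reach `mktime()` nor appear in the page, which addresses both the warning and the reflected-script finding in one change.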

This topic has been closed to new replies.