WordPress.org

Ready to get started?Download WordPress

Forums

Formidable Forms
[resolved] vulnerable to script injection (3 posts)

  1. manatro
    Member
    Posted 1 year ago #

    My hosting provider is saying that two forms in my site ate vulnerable to script injection, do you have an upgrade or patch?

    error is as follows:
    Using the POST HTTP method, Site Scanner found that :
    + The following resources may be vulnerable to script injection :
    + The 'item_meta[195]' parameter of the /boarding-reservation/ CGI :
    /boarding-reservation/ [item_meta[195]=msgbox("foo");window.alert('bar')
    ;]
    -------- output --------
    <span class="frm_required"></span>
    </label>
    <textarea name="item_meta[195]" id="field_aaftzj" rows="5" >msgbox("foo"
    );window.alert('bar');</textarea>
    ------------------------
    + The 'item_meta[486]' parameter of the /club-barks-job-application/ CGI :
    /club-barks-job-application/ [item_meta[486]=msgbox("foo");window.alert(
    'bar');]
    -------- output --------
    <label class="frm_primary_label">Please list 3 references - name a [...]
    </label>
    <textarea name="item_meta[486]" id="field_r4bpvz" cols="22" class=" aut
    o_width">msgbox("foo");window.alert('bar');</textarea>
    ------------------------
    Other references : CWE:79, CWE:80, CWE:81, CWE:83, CWE:20, CWE:74, CWE:442, CWE:712, CWE:722, CWE:725, CWE:811, CWE:751, CWE:801, CWE:116, CWE:692, CWE:86

    http://wordpress.org/extend/plugins/formidable/

  2. sswells
    Member
    Plugin Author

    Posted 1 year ago #

    Can you please post in our help desk with a link to your form? Is would be best if it were a private post.
    http://formidablepro.com/help-topics/

  3. manatro
    Member
    Posted 1 year ago #

    Please moderator - delete this post.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.