cross-site scripting

  • Resolved Agentbase

    (@agentbase)


    12 years, 7 months ago

    Hi,

    it seems this plugin uses cross-site scripting which is not allowed in many hosting envirnments due to the heavy security risks. I have asked the programmer to fix this.

    I will come back with answers, i hope 🙂

    Until then i advise you , do not use this addin, unless of course you want your site to be hacked.

    Best regards, Marcel

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Contributor Usability Dynamics

    (@usability_dynamics)

    12 years, 7 months ago

    Thanks for your information. However, please be advised this is a false positive due to some invalid mod_security regular expression rules. See the link below to details on why this is happening, and a method by which it can be fixed.

    In laymen terms: this issue is due to an invalid server configuration – not an issue with the commonly used library ‘jquery.cookie.js’.

    https://www.modsecurity.org/tracker/browse/CORERULES-29

    None of our plugins use any form of cross-site scripting.

    Thread Starter Agentbase

    (@agentbase)

    12 years, 7 months ago

    Hi,

    thanks for the information. I will go back to my hosting provider with this. However my best guess is that this will be an discussion which end up me not using the plugin. Because they will never admit that there is something wrong with their servers.

    Could you tell me which hosting providers run your plugin without errors???

    Best regards, Marcel

    Plugin Author Andy Potanin

    (@andypotanin)

    12 years, 7 months ago

    We used HostGator shared and VPS before switching to our own dedicated. Never had any issues with them with stuff like this.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘cross-site scripting’ is closed to new replies.