Cross Site Scripting Warning on Contact 7 Form
Can anyone advicse me with this issue? Below in the “NOTES” is the response that GoDaddy gave to me regarding cross scripting security risk to my website. They say it likely has to do with my WordPress Plugin for the Contact Form. They say that the plugin may have a security issue and needs to be updated or changed to a plugin with built in security for the cross scripting prevention. Thank you for your help.
Notes from GoDaddy to me:
At this time, it does appear that your site is vulnerable to Cross-Site Scripting.
You can see this by inserting this URL into your browser:
In order to prevent this type of attack you will need to ensure that untrusted data is kept separate from browser content. The following is recommended:
2. The use of positive or “whitelist” input validation with appropriate canonicalization (decoding) can also help to protect against XSS. Please note that this is not a complete defense as many applications will require special characters in their input.
Additionally you can visit the site below for more information on preventing Cross Site Scripting.
- The topic ‘Cross Site Scripting Warning on Contact 7 Form’ is closed to new replies.