Title: cross-site scripting
Last modified: August 20, 2016

---

# cross-site scripting

 *  Resolved [Agentbase](https://wordpress.org/support/users/agentbase/)
 * (@agentbase)
 * [14 years, 8 months ago](https://wordpress.org/support/topic/cross-site-scripting/)
 * Hi,
 * it seems this plugin uses cross-site scripting which is not allowed in many hosting
   envirnments due to the heavy security risks. I have asked the programmer to fix
   this.
 * I will come back with answers, i hope 🙂
 * Until then i advise you , do not use this addin, unless of course you want your
   site to be hacked.
 * Best regards, Marcel

Viewing 3 replies - 1 through 3 (of 3 total)

 *  Plugin Contributor [UDX Usability Dynamics](https://wordpress.org/support/users/usability_dynamics/)
 * (@usability_dynamics)
 * [14 years, 8 months ago](https://wordpress.org/support/topic/cross-site-scripting/#post-2273015)
 * Thanks for your information. However, please be advised this is a false positive
   due to some invalid mod_security regular expression rules. See the link below
   to details on why this is happening, and a method by which it can be fixed.
 * In laymen terms: this issue is due to an invalid server configuration – not an
   issue with the commonly used library ‘jquery.cookie.js’.
 * [https://www.modsecurity.org/tracker/browse/CORERULES-29](https://www.modsecurity.org/tracker/browse/CORERULES-29)
 * None of our plugins use any form of cross-site scripting.
 *  Thread Starter [Agentbase](https://wordpress.org/support/users/agentbase/)
 * (@agentbase)
 * [14 years, 8 months ago](https://wordpress.org/support/topic/cross-site-scripting/#post-2273054)
 * Hi,
 * thanks for the information. I will go back to my hosting provider with this. 
   However my best guess is that this will be an discussion which end up me not 
   using the plugin. Because they will never admit that there is something wrong
   with their servers.
 * Could you tell me which hosting providers run your plugin without errors???
 * Best regards, Marcel
 *  Plugin Author [Andy Potanin](https://wordpress.org/support/users/andypotanin/)
 * (@andypotanin)
 * [14 years, 8 months ago](https://wordpress.org/support/topic/cross-site-scripting/#post-2273061)
 * We used HostGator shared and VPS before switching to our own dedicated. Never
   had any issues with them with stuff like this.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘cross-site scripting’ is closed to new replies.

 * ![](https://s.w.org/plugins/geopattern-icon/wp-invoice_c36510.svg)
 * [WP-Invoice - Web Invoice and Billing](https://wordpress.org/plugins/wp-invoice/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/wp-invoice/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/wp-invoice/)
 * [Active Topics](https://wordpress.org/support/plugin/wp-invoice/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/wp-invoice/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/wp-invoice/reviews/)

 * 3 replies
 * 3 participants
 * Last reply from: [Andy Potanin](https://wordpress.org/support/users/andypotanin/)
 * Last activity: [14 years, 8 months ago](https://wordpress.org/support/topic/cross-site-scripting/#post-2273061)
 * Status: resolved