• The site we use Visual Form Builder Pro on happens to be hosted by GoDaddy, and their site scanner keeps reporting a warning that has to do with the pages we have forms on. Any ideas as to how we can address what this site scanner is complaining about would be appreciated. Thanks in advance.

    Warning Message:
    Your website contains pages that do not properly sanitize visitor‑provided input to make sure
    it contains no malicious content or scripts. Cross‑site scripting vulnerabilities let
    malicious users execute arbitrary HTML or script code in another visitor’s browser.

    Partial Output of the Warning:
    Using the GET HTTP method, Site Scanner found that :
    + The following resources may be vulnerable to cross-site scripting (quick test) :
    + The 'vfb-spam' parameter of the /insurance/auto/ CGI :
    /insurance/auto/?vfb-spam=--><script>alert(112)</script>
    -------- output --------
    <input type="submit" name="visual-form-builder-submit" id="sendmai [...]

    </fieldset><input type="hidden" name="vfb_referral_url" value="http://in
    surancemadeeasy.com/insurance/auto/?vfb-spam=--><script>alert(112)</scri
    pt>"></form></div> <!-- .visual-form-builder-container -->
    </div><!-- .entry-content --> <footer class="entry-meta"> [...]
    ------------------------
    + The 'D' parameter of the /insurance/professional/ CGI :
    /insurance/professional/?D=--><script>alert(112)</script>
    -------- output --------
    <input type="submit" name="visual-form-builder-submit" id="sendmai [...]

    </fieldset><input type="hidden" name="vfb_referral_url" value="http://in
    surancemadeeasy.com/insurance/professional/?D=--><script>alert(112)</scr
    ipt>"></form></div> <!-- .visual-form-builder-container -->
    </div><!-- .entry-content --> <footer class="entry-meta"> [...]

    http://wordpress.org/extend/plugins/visual-form-builder/

  • The topic ‘Godaddy Site Scanner Warnings’ is closed to new replies.
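The scanner output above shows the request URL copied into the hidden `vfb_referral_url` field with `<` and `>` intact. The following is an added example, not part of the original post and not the plugin's code: it renders that field with and without attribute encoding and audits both results. The host `example.test`, the field template and all function names are assumptions reconstructed from the quoted output.

```python
import html
from html.parser import HTMLParser

# Constructed request URL modelled on the scanner's probe quoted above;
# example.test is a placeholder host.
PROBE_URL = ("http://example.test/insurance/auto/"
             "?vfb-spam=--><script>alert(112)</script>")

# Field template reconstructed from the scanner output (assumption).
FIELD = '<input type="hidden" name="vfb_referral_url" value="{}">'


def render_unescaped(url):
    """Pattern the scanner flagged: request URL copied into the attribute as-is."""
    return FIELD.format(url)


def render_escaped(url):
    """Encode &, <, > and both quote characters for an HTML attribute.
    In WordPress PHP, esc_attr() is the helper for this output context."""
    return FIELD.format(html.escape(url, quote=True))


class HiddenFieldReader(HTMLParser):
    """Reads the vfb_referral_url value the way an HTML parser decodes it."""

    def __init__(self):
        super().__init__()
        self.value = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "input" and attrs.get("name") == "vfb_referral_url":
            self.value = attrs.get("value")


def audit(markup, url):
    """Return (raw_input_in_source, field_value_preserved) for one rendering."""
    reader = HiddenFieldReader()
    reader.feed(markup)
    reader.close()
    query = url.split("?", 1)[1]   # the visitor-controlled part of the URL
    return query in markup, reader.value == url


if __name__ == "__main__":
    for name, render in (("unescaped", render_unescaped),
                         ("escaped", render_escaped)):
        print(name, audit(render(PROBE_URL), PROBE_URL))
```

The first flag is what the scanner's quick test reacts to; after encoding it is false, while the second flag stays true because the form handler still receives the original referral URL once the entities are decoded.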