Support » Plugin: All-in-One Event Calendar » PCI Compliance “Vulnerability”

  • Resolved hardonhorsepoweradmin

    (@hardonhorsepoweradmin)


    Hello,

    We currently utilize AI1EC on our installation, as of lately we are getting “Vulnerability” errors when performing PCI scans on our website – more info can be found below:

    THREAT REFERENCE

    Summary:
    Web error message information leakage: /

    Risk: High (3)
    Port: 443/tcp
    Protocol: tcp
    Threat ID: web_security_errorinfo

    Details: The web server produced an error message containing detailed information about an error in the application or back-end database. This message may disclose information about the internal workings of the application, which may be useful to developers, but also to potential attackers.

    Information From Target:
    Service: https
    Sent:
    GET /?ai1ec_render_js=event.js& HTTP/1.0
    Host: lloydz.com
    User-Agent: Mozilla/5.0

    Received:
    error(e):T(e,a).slice(0)}function mt(e){var t=0,n=e.length,r=””;for(;t<n;t++)r+=e[t].value;return r}function gt(e,t,n){var i=t.dir,s=n&&i===”parentNode”,o=S++;return t.first?function(t,n,r){while(t=t

    I figured there was some relation to the recently patched XSS concern listed in update version Version 2.5.19, however none of the recent updates have acted to help patch this issue. Please let me know if there is any assistance you can offer otherwise the plugin will need to be removed within the next ten days, as we are nearing the end of our PCI Compliance and need to remedy this asap.

    Thank you for your time and efforts.

    The page I need help with: [log in to see the link]

Viewing 2 replies - 1 through 2 (of 2 total)
Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘PCI Compliance “Vulnerability”’ is closed to new replies.