Support » Plugin: Download Monitor » SiteLock Security Alert

  • Resolved MHJP

    (@mhjp)


    Hi,

    Our daily Sielock security scans are generating these alerts. Advice on any required action appreciated. thanks. mike

    Download Monitor 1.9.9
    Severity: Critical
    Category: xss
    Summary: Download Monitor 3.3.5.7 – index.php dlsearch Parameter XSS (Note: This plugin changed its version numbering, this may produce false positive)

    Description: Authenticated Cross-Site Scripting (XSS) in Download Monitor before version 3.3.5.9 can be used by authenticated attackers to place arbitrary JavaScript in to a URL or link through the index.php file. The attack is executed through the ‘dlsearch’ parameter. Note: The versioning of this plugin was changed, so this detection may produce false positives.

    Severity: Critical
    Category: xss
    Summary: Download Monitor 3.3.5.4 – Authenticated Cross-Site Scripting (XSS)
    Description: Authenticated Cross-Site Scripting (XSS) in Download Monitor, before at least version 3.3.5.4, can be used by attackers to place arbitrary JavaScript in to a URL or link through the download-monitor/uploader.php file. Note: This plugin has changed its version numbering, this may produce false positives.

Viewing 7 replies - 1 through 7 (of 7 total)
Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘SiteLock Security Alert’ is closed to new replies.