Title: XSS SCAN Vulnerability
Last modified: April 6, 2017

---

# XSS SCAN Vulnerability

 *  Resolved [Chris Perryman](https://wordpress.org/support/users/revconcept/)
 * (@revconcept)
 * [9 years, 3 months ago](https://wordpress.org/support/topic/xss-scan-vulnerability/)
 * My clients pay for a security solution at Network Solutions called “SiteLock”.
   They keep forwarding me emails with “security alerts” and they are going to be
   losing their sitelock secure badge because of this.
 * Here is the info showing in the SiteLock console:
 * **We have detected a critical cross-site scripting vulnerability at your site.
   This must be corrected within 72 hours in order to maintain your certification.
   
   XSS SCAN 4 Vulnerabilities:
 * URL:[https://ourdomain.org/events/list/?tribe_event_display=list&tribe_paged=1](https://ourdomain.org/events/list/?tribe_event_display=list&tribe_paged=1)
   
   Description:tribe_event_display,tribe_paged
 * URL:[https://ourdomain.org/events/list/?tribe_event_display=past&tribe_paged=1](https://ourdomain.org/events/list/?tribe_event_display=past&tribe_paged=1)
   
   Description:tribe_event_display,tribe_paged
 * URL:[https://www.ourdomain.org/events/list/?tribe_event_display=list&tribe_paged=1](https://www.ourdomain.org/events/list/?tribe_event_display=list&tribe_paged=1)
   
   Description:tribe_event_display,tribe_paged
 * URL:[https://www.ourdomain.org/events/list/?tribe_event_display=past&tribe_paged=1](https://www.ourdomain.org/events/list/?tribe_event_display=past&tribe_paged=1)
   
   Description:tribe_event_display,tribe_paged
 * Can you please let us know how to address this?

Viewing 1 replies (of 1 total)

 *  [nicosantos](https://wordpress.org/support/users/nicosantos/)
 * (@nicosantos)
 * [9 years, 3 months ago](https://wordpress.org/support/topic/xss-scan-vulnerability/#post-9003292)
 * Hi there [@revconcept](https://wordpress.org/support/users/revconcept/),
 * Thanks for the report about this _potential issue_. One of our lead devs just
   checked on this, and he informed the variables in the URLs you sent are actually
   being corrected sanitized in the code before they are used. This should prevent
   any attack via those parameters.
 * Hopefully the report was not accurate,
    Best, Nico

Viewing 1 replies (of 1 total)

The topic ‘XSS SCAN Vulnerability’ is closed to new replies.

 * ![](https://ps.w.org/the-events-calendar/assets/icon-256x256.gif?rev=2516440)
 * [The Events Calendar](https://wordpress.org/plugins/the-events-calendar/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/the-events-calendar/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/the-events-calendar/)
 * [Active Topics](https://wordpress.org/support/plugin/the-events-calendar/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/the-events-calendar/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/the-events-calendar/reviews/)

## Tags

 * [Cross-site scripting](https://wordpress.org/support/topic-tag/cross-site-scripting/)
 * [security alert](https://wordpress.org/support/topic-tag/security-alert/)

 * 1 reply
 * 2 participants
 * Last reply from: [nicosantos](https://wordpress.org/support/users/nicosantos/)
 * Last activity: [9 years, 3 months ago](https://wordpress.org/support/topic/xss-scan-vulnerability/#post-9003292)
 * Status: resolved