Title: XSS security flaw
Last modified: September 16, 2016

---

# XSS security flaw

 *  Resolved [privateboxnz](https://wordpress.org/support/users/privateboxnz/)
 * (@privateboxnz)
 * [9 years, 8 months ago](https://wordpress.org/support/topic/xss-security-flaw/)
 * The software does not sufficiently validate, filter, escape, and encode user-
   controllable input before it is placed in output that is used as a web page that
   is served to other users.
 * Example submitted data to get the error:

   ```
   submitted=Y&rRating=5&rName=%27+onerror%3D%27new+dd4f47e67c209667613c1d7d5cc9a1d2%3B%2F%2F%22+onerror%3D%22new+dd4f47e67c209667613c1d7d5cc9a1d2%3B&rEmail=&rText=
   ```
 * Basically you can insert JavaScript onto a person's website using your plugin.
 * For more info you can see [http://cwe.mitre.org/data/definitions/79.html](http://cwe.mitre.org/data/definitions/79.html)
 * Please fix!
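The report above quotes the raw query string but not what it does once decoded, so the following is an added example, not code from the Rich Reviews plugin and not a confirmed finding against it (the thread ends with the scanner provider withdrawing the report). It takes the exact query string from the post, decodes it as PHP's form handling would, drops the `rName` value into a hypothetical template both unescaped and escaped, and then parses the result the way a browser would to see whether an `on*` attribute really ended up on an element. The template, the helper names `render_reviewer_unsafe`, `render_reviewer_safe`, `attr` and `event_handler_attrs` are all assumptions made for the illustration; `htmlspecialchars()` with `ENT_QUOTES` stands in for WordPress's `esc_attr()`/`esc_html()`, which do the same job inside a plugin.

```php
<?php
// Added example for this thread; it is not code from the Rich Reviews plugin.
// It reproduces the class of bug the report names (CWE-79, stored XSS via a
// review form field) using the query string quoted in the post, against a
// hypothetical template, and shows a check that tells a real attribute
// breakout apart from a harmlessly escaped value.

// The query string quoted in the report, as the browser would have sent it.
$raw = 'submitted=Y&rRating=5'
     . '&rName=%27+onerror%3D%27new+dd4f47e67c209667613c1d7d5cc9a1d2%3B%2F%2F%22'
     . '+onerror%3D%22new+dd4f47e67c209667613c1d7d5cc9a1d2%3B'
     . '&rEmail=&rText=';

// parse_str() undoes the percent-encoding and turns '+' into spaces, which is
// how $_POST would have presented the field to the plugin.
parse_str($raw, $fields);
$name = $fields['rName'];
// $name now reads:  ' onerror='new dd4f...;//" onerror="new dd4f...;
// The probe closes a single-quoted attribute and plants onerror=, then does
// the same for a double-quoted one, so it works with either quoting style.

// Hypothetical vulnerable template (assumed, not the plugin's): the stored
// name goes straight into an attribute and into element text, unencoded.
function render_reviewer_unsafe(string $name): string
{
    return "<span class='reviewer' title='" . $name . "'>" . $name . "</span>";
}

// Hardened form: encode for the context the value lands in. Inside WordPress
// this is esc_attr()/esc_html(); outside it, htmlspecialchars() with
// ENT_QUOTES (so both ' and " are encoded) gives the same protection.
function attr(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_reviewer_safe(string $name): string
{
    return "<span class='reviewer' title='" . attr($name) . "'>" . attr($name) . "</span>";
}

// The check: parse the rendered fragment as a browser would and list every
// on* attribute that actually exists on an element. Grepping the raw string
// for "onerror=" is not enough, because the escaped output still contains
// that text, harmlessly, inside the title attribute's value.
function event_handler_attrs(string $html): array
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);   // fragments produce parser notices
    $doc->loadHTML('<!DOCTYPE html><html><body>' . $html . '</body></html>');
    libxml_clear_errors();

    $found = [];
    foreach ($doc->getElementsByTagName('*') as $el) {
        foreach ($el->attributes as $a) {
            if (stripos($a->name, 'on') === 0) {
                $found[] = $el->tagName . '@' . $a->name;
            }
        }
    }
    return $found;
}

echo render_reviewer_unsafe($name), PHP_EOL;
echo render_reviewer_safe($name), PHP_EOL;
print_r(event_handler_attrs(render_reviewer_unsafe($name)));
print_r(event_handler_attrs(render_reviewer_safe($name)));
```

Run with `php example.php`. In the unescaped render the leading `'` of the name closes `title='`, and the parser records a real `onerror` attribute on the span; in the escaped render every quote becomes an entity, the whole probe stays inside the title value, and the parser finds no handler attribute. Whether such a handler would actually fire depends on the element the template uses (an `onerror` on an `<img>` fires, on a `<span>` it does not), which is why a scanner's generic probe is evidence of missing encoding rather than proof of an exploitable page, and why the DOM check, not a string search, is the one worth automating.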

Viewing 2 replies - 1 through 2 (of 2 total)

 *  Plugin Contributor [Nuanced Media](https://wordpress.org/support/users/nuanced-media/)
 * (@nuanced-media)
 * [9 years, 8 months ago](https://wordpress.org/support/topic/xss-security-flaw/#post-8191305)
 * privateboxnz,
 * I am well aware of what cross site scripting is, I honestly thought I had set
   up preventative measures for this type of attack. I will make an effort to patch
   any remaining vulnerabilities quickly. I would greatly appreciate it if you could
   provide me with more detail as to how you got this injection working. If you 
   could please email me at [plugins@nuancedmedia.com](mailto:plugins@nuancedmedia.com),
   I would greatly appreciate it.
 * Thanks,
    Charlie Maxwell [NM_Developer]
 *  Thread Starter [privateboxnz](https://wordpress.org/support/users/privateboxnz/)
 * (@privateboxnz)
 * [9 years, 7 months ago](https://wordpress.org/support/topic/xss-security-flaw/#post-8201086)
 * Right. So I went back to my PCI scanning provider and they agreed. No security
   hole here!
 * Well done.
 * Sorry for the bother!


The topic ‘XSS security flaw’ is closed to new replies.

 * [Rich Reviews by Starfish](https://wordpress.org/plugins/rich-reviews/)

## Tags

 * [xss](https://wordpress.org/support/topic-tag/xss/)

 * 2 replies
 * 2 participants
 * Last reply from: [privateboxnz](https://wordpress.org/support/users/privateboxnz/)
 * Last activity: [9 years, 7 months ago](https://wordpress.org/support/topic/xss-security-flaw/#post-8201086)
 * Status: resolved