Announcement

Collapse
No announcement yet.

XSS Cross site scripting pls help

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • [Forum] XSS Cross site scripting pls help

    When I go into my search.php and when i searched for this <script>alert('XSS Hackable!')</script>

    the search results shows my forum is hackable, Can anyone please help on how to fix this?

    I am on version 4.0.5

  • #2
    Upgrade your site - this doesnt happen on my 4.0.7 site or on here (running 4.0.8).
    Vote for:

    - *Admin Settable Paid Subscription Reminder Timeframe*
    -
    *PM - Add ability to reply to originator only*
    - Add Admin ability to auto-subscribe users to specific channel(s)
    - "Quick Route" Interface...

    Comment


    • #3
      Originally posted by Trevor Hannant View Post
      Upgrade your site - this doesnt happen on my 4.0.7 site or on here (running 4.0.8).
      Why don't you alert about security issues? some people are not interested in upgrade and I think this is a very bad security policy.
      I could sell you my unused vB4 Suite license, but I'm not so cruel...

      Comment


      • #4
        Originally posted by Micronichos View Post
        Why don't you alert about security issues? some people are not interested in upgrade and I think this is a very bad security policy.
        The first procedure in any event is to make sure that you are running the latest software version. It is then likely, that the fix was included in a later release.
        Shamil Nunhuck, - Radon Systems Ltd.
        VPS + Dedicated Server Hosting and Management
        vBulletin Hosting and Services
        Server / Website Consultation

        Comment


        • #5
          Deactivate your plugin system and try it again.
          The most Problems comes from semiprofessional add-ons

          Comment


          • #6
            Originally posted by Micronichos View Post
            Why don't you alert about security issues? some people are not interested in upgrade and I think this is a very bad security policy.
            They could probably find out what versions you've downloaded, but they would have no way to determine what version you're running on your site. One reason for upgrades is security fixes. It's your choice whether or not to use the latest and most secure version of any software you're using.

            Comment


            • #7
              Originally posted by Micronichos View Post
              Why don't you alert about security issues? some people are not interested in upgrade and I think this is a very bad security policy.
              We always push security updates and notices out to as many places as possible.

              It is also possible no one reported the issue, and it was fixed unintentionally during bug fixes.

              Comment


              • #8
                Originally posted by Zachery View Post
                We always push security updates and notices out to as many places as possible.

                It is also possible no one reported the issue, and it was fixed unintentionally during bug fixes.
                Thanks Zachery.
                I could sell you my unused vB4 Suite license, but I'm not so cruel...

                Comment

                widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                Working...
                X