XSS Cross site scripting pls help

  • samii
    Member
    • Jan 2010
    • 41

    [Forum] XSS Cross site scripting pls help

    When I go into my search.php and when I searched for this <script>alert('XSS Hackable!')</script>

    the search results show my forum is hackable. Can anyone please help on how to fix this?

    I am on version 4.0.5
  • Trevor Hannant
    vBulletin Support
    • Aug 2002
    • 24193
    • 5.7.X

    #2
    Upgrade your site - this doesn't happen on my 4.0.7 site or on here (running 4.0.8).
    Vote for:

    - Admin Settable Paid Subscription Reminder Timeframe (vB6)
    - Add Admin ability to auto-subscribe users to specific channel(s) (vB6)


    • Micronichos
      Senior Member
      • Jun 2010
      • 189

      #3
      Originally posted by Trevor Hannant
      Upgrade your site - this doesn't happen on my 4.0.7 site or on here (running 4.0.8).
      Why don't you alert about security issues? Some people are not interested in upgrading, and I think this is a very bad security policy.
      I could sell you my unused vB4 Suite license, but I'm not so cruel...


      • Shamil.
        Senior Member
        • Feb 2008
        • 4755
        • 4.2.X

        #4
        Originally posted by Micronichos
        Why don't you alert about security issues? Some people are not interested in upgrading, and I think this is a very bad security policy.
        The first procedure in any event is to make sure that you are running the latest software version. It is then likely that the fix was included in a later release.
        Shamil Nunhuck, - Radon Systems Ltd.
        VPS + Dedicated Server Hosting and Management
        vBulletin Hosting and Services
        Server / Website Consultation


        • Removed-836727
          Banned by User Request
          • Apr 2006
          • 1274

          #5
          Deactivate your plugin system and try it again.
          Most problems come from semiprofessional add-ons.


          • nakedanvil
            Senior Member
            • Mar 2010
            • 1920
            • 4.0.0

            #6
            Originally posted by Micronichos
            Why don't you alert about security issues? Some people are not interested in upgrading, and I think this is a very bad security policy.
            They could probably find out what versions you've downloaded, but they would have no way to determine what version you're running on your site. One reason for upgrades is security fixes. It's your choice whether or not to use the latest and most secure version of any software you're using.


            • Zachery
              Former vBulletin Support
              • Jul 2002
              • 59097

              #7
              Originally posted by Micronichos
              Why don't you alert about security issues? Some people are not interested in upgrading, and I think this is a very bad security policy.
              We always push security updates and notices out to as many places as possible.

              It is also possible no one reported the issue, and it was fixed unintentionally during bug fixes.


              • Micronichos
                Senior Member
                • Jun 2010
                • 189

                #8
                Originally posted by Zachery
                We always push security updates and notices out to as many places as possible.

                It is also possible no one reported the issue, and it was fixed unintentionally during bug fixes.
                Thanks Zachery.
                I could sell you my unused vB4 Suite license, but I'm not so cruel...
