Found cross-site scripting on my website. Please advise me

Discussion regarding Joomla! 2.5 security issues.

Moderators: Bernard T, mandville, fcoulter, PhilD, General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Locked
mktysonmike
Joomla! Fledgling
Joomla! Fledgling
Posts: 2
Joined: Sat Jan 31, 2015 5:16 pm

Found cross-site scripting on my website. Please advise me

Post by mktysonmike » Sat Jan 31, 2015 5:22 pm

Hello everybody!

I have scanned my website with Acnetix vulnerability scanner and it found several cross-site scripting vulnerabilities. I`ve read some about cross-site scripting and fixed them using htmlsleciachars function. But the acnetix still says that these vulnerabilities are not fixed. Could this be true? Please help me deal with this issue. If you ned more information, just tell me what to show you.
Thank you.

User avatar
toivo
Joomla! Master
Joomla! Master
Posts: 11194
Joined: Thu Feb 15, 2007 5:48 am
Location: Suzhou, China

Re: Found cross-site scripting on my website. Please advise

Post by toivo » Sat Jan 31, 2015 5:44 pm

Can you please confirm if your site still runs Joomla 1.0? If that is the case, you should consider migrating to a supported version. Joomla 1.0 is long past its use-by date and not supported.
Toivo Talikka, Global Moderator

mktysonmike
Joomla! Fledgling
Joomla! Fledgling
Posts: 2
Joined: Sat Jan 31, 2015 5:16 pm

Re: Found cross-site scripting on my website. Please advise

Post by mktysonmike » Sat Jan 31, 2015 7:45 pm

No, I`m running the latest version of Joomla 2.5.28.

User avatar
toivo
Joomla! Master
Joomla! Master
Posts: 11194
Joined: Thu Feb 15, 2007 5:48 am
Location: Suzhou, China

Re: Found cross-site scripting on my website. Please advise

Post by toivo » Sat Jan 31, 2015 8:05 pm

In that case please create a topic at the Joomla 2.5 Security Forum at http://forum.joomla.org/viewforum.php?f=621

You should follow the instruction in the sticky note at the top of the forum and install Forum Post Assistant (FPA) and include the output in your post. That will allow experts to see if something is not right in the server settings and if one or more extension is out of date.
Toivo Talikka, Global Moderator


Locked

Return to “Security in Joomla! 2.5”