Wordpress Themes - WP Forum at BFA
There will be no more development for Atahualpa (or any other theme), and no support. Also no new registrations. I turned off the donation system. I may turn the forum to read only if it gets abused for spam. Unfortunately I have no time for the forum or the themes. Thanks a lot to the people who helped in all these years, especially Larry and of course: Paul. Take care and stay healthy -- Flynn, Atahualpa developer, Sep 2021


Sitelock issue


#1 · Jul 14, 2018, 12:30 PM
rickpoet
80 posts · Jan 2010
Howdy,

I use Sitelock on one of the servers where I have a few Atahualpa installations. Just this week they started alerting me with a security message which seems connected to Atahualpa code. Not sure if it's legit or if they're just trying to get me to upgrade. :/

But here's what they're saying:

Severity: Medium

Category: xss

Summary: Atahualpa Theme - Authenticated Cross-Site Scripting (XSS)

Description: Providing any of the following fields with a string such as: "><script>alert(1);</script> results in the script element getting appended after the respective input element when the request returns from the server: "comment_feed_link", "home_cat_menu_bar", "email_subscribe_link", "home_single_next_prev", "email_subscribe_link_title", "feedburner_email_id", "excerpt_length", "page_menu_bar_link_color", "cat_menu_bar_background_color_parent", "cat_menu_bar_link_color", "left_col_pages_exclude", "widget_lists link-hover-color", "left_col2_cats_exclude". The solution to this issue is to encode as HTML all the user-provided parameters before they are returned to the browser.
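
The behaviour the alert describes, as an added example that is not part of the original post and is not Atahualpa's code: a settings field rendered back into the page with and without HTML-encoding, using the test string quoted in the alert. The function names and the stored values are hypothetical; inside WordPress the encoding step is `esc_attr()`.

```php
<?php
// Added illustration, not Atahualpa source. Function names are hypothetical.

// Unencoded: the saved option value is written straight into the value
// attribute, so a double quote in the value closes the attribute early.
function render_option_field_raw(string $name, string $value): string
{
    return '<input type="text" name="' . $name . '" value="' . $value . '">';
}

// Encoded: name and value are HTML-encoded for an attribute context.
// Inside WordPress the equivalent call is esc_attr().
function render_option_field_encoded(string $name, string $value): string
{
    $enc = static fn(string $s): string =>
        htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="' . $enc($name) . '" value="' . $enc($value) . '">';
}

// True when the rendered markup contains a literal script element,
// i.e. the stored value escaped the attribute it was written into.
function contains_script_element(string $html): bool
{
    return stripos($html, '<script') !== false;
}

// Constructed sample: three of the field names listed in the alert,
// each holding the test string the alert quotes.
$stored = '"><script>alert(1);</script>';
$fields = ['excerpt_length', 'feedburner_email_id', 'cat_menu_bar_link_color'];

foreach ($fields as $field) {
    $raw  = render_option_field_raw($field, $stored);
    $safe = render_option_field_encoded($field, $stored);

    echo $field, PHP_EOL;
    echo '  raw:     ', $raw, PHP_EOL;
    echo '  encoded: ', $safe, PHP_EOL;
    printf(
        "  script element present: raw=%s encoded=%s\n",
        contains_script_element($raw) ? 'yes' : 'no',
        contains_script_element($safe) ? 'yes' : 'no'
    );
}
```

The same check can be pointed at the saved HTML of the theme options page after a fix to confirm that none of the listed fields still returns the value unencoded.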
