Are you enjoying the extensions? Did you like the support? Help others decide.

Leave a review

file suffix----xss(Cross Site Scripting)

More
10 years 8 months ago #2595 by wain
hi!I installed the lovely module---latest news enhanced, but one web leak scanner soft scanned the module, and it has alerted the xss(Cross Site Scripting). xxxxxx.com/modules/mod_latestnewsenhance...e.css.php?suffix=132

Is there anyone can give some advice to solve this problem? many thx.

Please Log in or Create an account to join the conversation.

More
10 years 8 months ago #2602 by admin
Replied by admin on topic Re: suffix----xss(Cross Site Scripting)
Hello,
I do not understand how this is interpreted as client side scripting as it is a php file working on the server... Not anything like a threat as explained here www.veracode.com/security/xss .
I am not sure how to prevent this issue here...

Olivier.

Please Log in or Create an account to join the conversation.

More
10 years 8 months ago #2603 by admin
Replied by admin on topic Re: suffix----xss(Cross Site Scripting)
I have added extra security code in the latest version of the module so that it prevents such attacks. Please update the module to the latest version.

Olivier.

Please Log in or Create an account to join the conversation.

More
10 years 8 months ago #2604 by admin
Replied by admin on topic Re: suffix----xss(Cross Site Scripting)
One more thing: the parameters entered in the paths are not user inputs but values coming from the Joomla! framework...

Olivier.

Please Log in or Create an account to join the conversation.