SiteLock decertified me
SiteLock found a "critical cross-site scripting vulnerability"--which
has decertified me. I paid them $50 to fix the problem. They emailed me back
saying they could not fix it, that it is a Concrete5 issue that SiteLock's
experts cannot fix. (Supposedly they are refunding my $50.) I am a complete
newbie. Would you be so kind as to walk me through the change in code I need
and what line in the code I edit? My site is no-frills, no customers, nothing,
so I was surprised that SiteLock found this.
Thanks so much from a lowly computer illiterate.
Here is the consultant’s email to me:
You need to let Concrete5 know that the issue is in the framework, that is Concrete5 CMS. This CMS is releasing patches and upgradable. Please ask them to assist you with this.
Sincerely,
Darina Andersen
Web Security Consultant
http://www.SiteLock.com
dandersen@sitelock.com
877-257-9263 ext.9003
415-390-2500
Here is their full message on my SiteLock dashboard. They claim the
vulnerability is found
http://www.success-in-math.com/index.php/login/do_login/?rcID%3D1%26submit%3DSign In%3E%26uMaintainLogin%3D1%26uName%3D1%26uPassword%3D1
Vulnerability
Page URL:http://www.success-in-math.com/index.php/login/do_...
login/?rcID%3D1%26submit%3DSign In
%3E%26uMaintainLogin%3D1%26uName%3D1%26uPassword%3
D1
XSS Info: Cross site scripting vulnerability found in args rcID, submit,
uMaintainLogin, uName, uPassword
http://www.success-in-math.com/concrete/js/jquery....
js?v%3Df00e0b95e18ebbd2192026e1ecc3d44e
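Added example, not part of the original post and not SiteLock's or Concrete5's code: a short Python script that decodes the report URL quoted above so the flagged login parameters and the values the scanner sent can be read directly. It assumes the wrapped lines join with no separator and that the scheme is `http`; the function names are made up for this example.

```python
import html
from urllib.parse import parse_qsl, unquote, urlsplit

# Report URL as quoted in the post, hard-wrapped over four lines.
# Assumption: the pieces join with no separator and the scheme is "http".
REPORT_URL_LINES = [
    "http://www.success-in-math.com/index.php/login/do_",
    "login/?rcID%3D1%26submit%3DSign In",
    "%3E%26uMaintainLogin%3D1%26uName%3D1%26uPassword%3",
    "D1",
]
# Parameter names listed on the report's "XSS Info" line.
FLAGGED = ["rcID", "submit", "uMaintainLogin", "uName", "uPassword"]
HTML_SPECIAL = set("<>\"'&")


def decode_report_url(lines):
    """Rejoin the wrapped URL and undo the percent-encoding of its query."""
    parts = urlsplit("".join(lines))
    # The dashboard encoded '=' and '&' too, so decode before splitting.
    query = unquote(parts.query)
    return parts.path, dict(parse_qsl(query, keep_blank_values=True))


def summarize(params, flagged):
    """For each flagged parameter: value sent, markup characters, encoded form."""
    rows = []
    for name in flagged:
        value = params.get(name, "")
        special = sorted(set(value) & HTML_SPECIAL)
        rows.append((name, value, special, html.escape(value, quote=True)))
    return rows


if __name__ == "__main__":
    path, params = decode_report_url(REPORT_URL_LINES)
    print("endpoint:", path)
    for name, value, special, encoded in summarize(params, FLAGGED):
        print(f"{name:15} sent={value!r:12} markup={special} encoded={encoded!r}")
```

In this report only `submit` carries a markup character (`Sign In>`); a login page that echoes it back as `Sign In&gt;` has HTML-encoded the value on output.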