Sitelock: Cross-Scripting Vulnerability, Unresolved

Hello, and Help!

Back in October, SiteLock alerted me to a "critical cross site scripting vulnerability." I did some research, looked at some other chats in the forum, and followed the advice, and thought it was resolved. This month I've received an email from SiteLock, reiterating the exact same problem:

You got a problem with cross site scripting. Please see the information below. Also, here is the link to Concrete5's blog, where they tell you how to fix the issue:

www.www.concrete5.org/developers/bugs/5-4-1-1/xss-vulnerability-on-l...


Page URL:http://www.truenatureembodiedarts.com/index.php/lo...
gin/do_login/?rcID%3D1%26submit%3DSign In
%3E%26uMaintainLogin%3D1%26uName%3D1%26uPassword%3
D1

Xss Info: Cross site scripting vulnerability found in args rcID, submit, uMaintainLogin, uName, uPassword

The problem, apparently, was never "fully resolved." And the Concrete5 link they've given me above is exactly the link I followed, to a T, I thought, the first time. So I'm at a dead end! What do I do?

Let me be the first to say that I am in so far over my head with all of this. I have zero training in web development... or computers, for that matter. It's a miracle I've made it this far. I could really use some help, please!!!

Thanks!

 
TooqInc replied:
According to the thread, the issue was fixed in core. Have you updated recently (since March 2011)? What version of Concrete5 are you running?
ashcrofoot replied:
Hmm. I just got the account with Concrete5 in August of 2011. I'm not even sure how to find out what version I have! Does the August '11 date help answer the question?

Thank you for responding!
mesuva replied:
When you log in and go to the dashboard, the version number is displayed towards the top right (near the Sign Out button).
If you are behind the latest version, you'll see a green update notice that indicates what version you are on.
ashcrofoot replied:
Looks like I've got 5.4.1.1 (Although I didn't find this info in the area you indicated. Nothing there that I could see? Oh well).

So that's a bit behind the latest version... Do you think this could be my problem?

Thank you!!