Good morning everyone,
We are an Italian agency and have developed more than 10 websites using Enfold (for which I can send you all the purchase certificates), two of which are also fairly large and well-positioned e-commerce websites.
Between February 13th and 14th, we suffered attacks due to Cross Site Scripting (XSS).
Some sites have been fixed, others haven’t yet.
The real problem is that Cross Site Scripting (XSS) has been classified by antivirus systems (Norton, Avira, etc.) for PCs, and many of our clients and users can no longer reach their website because they are blocked first.
A patch for this vulnerability is URGENTLY NEEDED; the theme is practically unusable for PC users; Mac users are better off accessing it.
Do you have a release date for the patch?
It’s really urgent because I no longer know how to explain the situation to my clients and so many users.
Thank you very much!
Antonella
Please be honest – go to securityheaders.com and enter your website there. If you don’t have an F, then you’re okay – if you have an A+, it’s almost the gold standard for online banking.
If you close these gates, a fix wouldn’t be necessary at all.
https://securityheaders.com/?q=https%3A%2F%2Fwebers-testseite.de%2F&followRedirects=on
And this CSP header for scripts: script-src 'nonce-KbhxgiTjJyYd7tEq282YPA' 'strict-dynamic' 'self' is the non plus ultra.
Each time you open that site, the nonce (number only used once) key will be randomly changed. If a script does not include that nonce, it will be blocked!
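
The per-response nonce behaviour described in the reply above, as an added example that is not part of the original posts or of the Enfold theme. The function names and sample markup are constructed for illustration, and the checker is a simplified model of inline-script handling only (no hashes, external sources or 'strict-dynamic' propagation).

```python
import base64
import secrets
from html.parser import HTMLParser


def new_nonce() -> str:
    # 128 bits from the OS CSPRNG, generated fresh for every response.
    return base64.b64encode(secrets.token_bytes(16)).decode().rstrip("=")


def csp_header(nonce: str) -> str:
    # Same script-src directive as in the post, with this response's nonce.
    return f"script-src 'nonce-{nonce}' 'strict-dynamic' 'self'"


def render_page(nonce: str, comment_html: str) -> str:
    # comment_html stands for user-supplied markup that reached the page unescaped.
    return (f'<html><body><script nonce="{nonce}">initTheme()</script>'
            f'<div class="comment">{comment_html}</div></body></html>')


class _InlineScripts(HTMLParser):
    """Collects (nonce attribute, body) for every <script> element."""

    def __init__(self):
        super().__init__()
        self.scripts, self._open = [], None

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._open = [dict(attrs).get("nonce"), ""]

    def handle_data(self, data):
        if self._open is not None:
            self._open[1] += data

    def handle_endtag(self, tag):
        if tag == "script" and self._open is not None:
            self.scripts.append(tuple(self._open))
            self._open = None


def allowed_inline_scripts(header: str, html: str) -> list:
    # Simplified browser check: an inline script runs only when its nonce
    # attribute equals a nonce listed in the policy; all others are blocked.
    nonces = {t[7:-1] for t in header.split() if t.startswith("'nonce-")}
    parser = _InlineScripts()
    parser.feed(html)
    parser.close()
    return [body for nonce, body in parser.scripts if nonce in nonces]
```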
