Viewing 6 posts - 1 through 6 (of 6 total)


    My site scanner says that my site is vulnerable to XSS attacks – this is the message I get:

    Using the POST HTTP method, Site Scanner found that :

    + The following resources may be vulnerable to cross-site scripting (quick test) :

    + The ‘avia_e-mail’ parameter of the /contact-us/ CGI :

    /contact-us/ [avia_e-mail=–><script>alert(112)</script>]




    […] “avia_e-mail” value=”–><script>alert(112)</script>”/><label for=”avia_e […]


    Every time the site scanner does a scan I get a WHOLE BUNCH of blank contact form emails.


    Hi Frankmaione,

    What version of Replete do you have installed?




    Hi Devin

    I have version 1.5





    Since I have not had any reports lately and a security expert also checked the site for XSS vectors some time ago, I would say that this is a false alarm. Trying to enter any form of script tag to produce an XSS output didn't work for me yet. I am going to do a few more tests though, just to make sure ;)




    OK.. there must be a vulnerability though, because of all the blank contact emails I get, despite there being a captcha or the agree to T&C box checked…


    That doesn’t necessarily indicate an XSS vulnerability. I don't know what tool you are using to scan your site, but there are a multitude of scanning tools that are able to fill in forms correctly even with simple captchas :)


The topic ‘Vulnerable to Cross site scripting’ is closed to new replies.
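
Added example, not part of the original thread and not the theme's own code: a Python check for triaging a scanner finding like the one quoted above, by telling whether the reflected probe stays inside an attribute value, comes back entity-encoded, or becomes a script element. The sample responses are constructed, and the probe is written in plain ASCII on the assumption that the forum software altered the dashes and quotes in the post.

```python
from html import escape
from html.parser import HTMLParser

PROBE = '--><script>alert(112)</script>'  # scanner probe, ASCII form (assumed)
MARKER = 'alert(112)'                     # script body the probe would run

class ReflectionFinder(HTMLParser):
    """Tokenizes a response and records where the probe ended up."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.in_script = False
        self.executed = False      # probe became the body of a <script> element
        self.attr_hits = []        # (tag, attribute) whose value holds the probe

    def handle_starttag(self, tag, attrs):
        self.in_script = (tag == 'script')
        for name, value in attrs:  # attribute values arrive entity-decoded
            if value and PROBE in value:
                self.attr_hits.append((tag, name))

    def handle_endtag(self, tag):
        if tag == 'script':
            self.in_script = False

    def handle_data(self, data):
        if self.in_script and MARKER in data:
            self.executed = True

def classify(response_html):
    """Return how the probe is reflected in one HTTP response body."""
    finder = ReflectionFinder()
    finder.feed(response_html)
    finder.close()
    if finder.executed:
        return 'script-element'
    if PROBE in response_html and finder.attr_hits:
        return 'raw-in-attribute'
    if escape(PROBE, quote=True) in response_html:
        return 'encoded'
    return 'not-reflected'

# Constructed sample responses (not captured from any site).
AS_REPORTED = '<input name="avia_e-mail" value="' + PROBE + '"/><label for="avia_e-mail">E-Mail</label>'
ENCODED = '<input name="avia_e-mail" value="' + escape(PROBE, quote=True) + '"/>'
IN_BODY = '<p>You entered: ' + PROBE + '</p>'

if __name__ == '__main__':
    for name, page in [('as reported', AS_REPORTED), ('encoded', ENCODED), ('in body', IN_BODY)]:
        print(name, '->', classify(page))
```

A `raw-in-attribute` result means the probe did not become a script element in that response, but the value is echoed without encoding, so the remedy is still to encode it on output.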