RSS

LuxCal Forum

The place for questions, suggestions and news about the LuxCal Event Calendar

User:   Password:   Remember Me?   
LuxCal Forum / General / Problems / Cross site scripting vulnerability found
Posted:  14 Dec 2012 00:28
ohmy

I am getting this message from iPage/SiteLock

"URL:http://xxx/luxcal/index.php?cD%3D1962-01-18
Cross site scripting vulnerability found in args:cD"

Any fix for this? My site is REALLY slow and I am worried about hackers...
Posted:  14 Dec 2012 11:31
Hi there,
I don't know which LuxCal version you are using, but in the current version all GET arguments (including the "cD" arg, mentioned in your post) are 100% validated and all "POSTed" text data are "escaped".
Consequently XSS should not be possible.
We're very keen on solving vulnerabilities. Let me know if have reasons to believe there are still vulnerabilities left in LuxCal.
Roel