Cross site scripting and other vulnerabilities?

Posted: Mon Jun 30, 2014 6:43 pm
by Jgold723
We recently underwent a PCI compliance scan on our server and one of the things it picked up was a cross site scripting vulnerability in an older Perl script (although nothing in Coranto).

But these scans (which now happen quarterly) seem to pick up different things each time, and I'm getting a little concerned that one of these times it's going to find an issue with Coranto.

So I thought I'd approach this proactively, since I really, really, really want to keep our installation of Coranto. It's the best CMS I've ever used and we've built our entire site around it.

Is anyone aware of any XSS issues with Coranto? And if so, what would the solutions be? Feel free to PM me if you don't think the specifics should be posted here.

Re: Cross site scripting and other vulnerabilities?

Posted: Wed Jul 23, 2014 4:18 pm
by SrNupsen
Never heard of any such issue/problem.

Re: Cross site scripting and other vulnerabilities?

Posted: Sat Aug 02, 2014 3:48 pm
by Dale Ray
There are a number of sites that explain how to test for this issue. Here is one. If you are concerned, you should be testing any script you use, not just Coranto.