
TOPIC: xss Vulnerability?

xss Vulnerability? 2 years 9 months ago #6647

  • suus
  • Fresh Boarder
  • Posts: 4
  • Karma: 0
My hosting provider sends me a message that there is an XSS vulnerability? ([Joomla] XSS in Joomla change) in
mega_etanol/html/com_contact/category/default_items.php
mega_etanol/html/com_contact/featured/default_items.php

What can I do? Is there a patch?

Re: xss Vulnerability? 2 years 9 months ago #6648

  • trungdt
  • Administrator
  • Posts: 2287
  • Thank you received: 997
  • Karma: 121
Can you tell me more detail about those files? What is the problem?

Regards

Re: xss Vulnerability? 2 years 9 months ago #6659

  • suus
  • Fresh Boarder
  • Posts: 4
  • Karma: 0
They don't give more details... only that I have to fix it. I will ask if they can give more information.

Re: xss Vulnerability? 2 years 9 months ago #6661

  • suus
  • Fresh Boarder
  • Posts: 4
  • Karma: 0
The answer that I got:

The problem is not literally in the template, but the template saves files in folders / files that are part of Joomla. In the folders / files where they are stored are leaks. As it is a template, the files will be used where the template is stored. Because the leaks are here, the scan recognizes it as a vulnerability. The cause of the problem lies in Joomla itself in combination with the storage location of certain files from the template.

Re: xss Vulnerability? 2 years 6 months ago #7103

  • suus
  • Fresh Boarder
  • Posts: 4
  • Karma: 0
My hosting gave me this link:

developer.joomla.org/security/352-201106...s-vulnerability.html

Can I just delete the files in com_contact? Or do you have an update?
/templates/mega_etanol/html/com_contact/category/default_items.php
/templates/mega_etanol/html/com_contact/featured/default_items.php

Re: xss Vulnerability? 2 years 6 months ago #7106

  • trungdt
  • Administrator
  • Posts: 2287
  • Thank you received: 997
  • Karma: 121
Yes, you can delete these files. It's not a problem with the template.

Regards