
XSS Vulnerability in Socrates



SkyCatcher
09-05-2011, 09:53 PM
Hi,

I have a commercial website/blog where I use Socrates v2.1.15. I also subscribe to a security service, SiteLock, which alerted me to a cross-site scripting vulnerability. I thought this to be more of a WordPress question than one for the Socrates Forum. Does anyone know how to go about getting rid of this so-called cross-site scripting vulnerability? If it is WordPress related, I think all Socrates users would be interested in this. I have to be careful in divulging too many particulars for security's sake. This is the reason for the vague detail.

Dan Nickerson
09-06-2011, 04:20 PM
Did they specify what the problem was? My guess is that it's because we're calling Google's jQuery.

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>

You can remove this from your header and see if it solves the problem.