#1 538451.xobor.com by jim cooper 05.07.2011 09:39

Dear Sirs,
I have been contacted by one of our Forum members this morning.
He states that his computer is constantly alerting him to the fact that our Forum is subject to "cross site scripting" (XSS).
Whilst I am not overly familiar with XSS, can you confirm whether or not our Forum is regularly tested and checked for XSS?
Jim Cooper

#2 RE: 538451.xobor.com by Ingmar 05.07.2011 12:06


Hi Jim

I can assure you that our software is very safe and constantly being tested to provide the best security possible.
Up to this day, there has not been a single Xobor Forum where someone has gotten access due to a code vulnerability.

However, we grant our administrators a lot of freedom in designing and configuring their forum. If you change the forum templates or allow HTML to be used by your members, it is possible to open your forum to any kind of attack.

In your case, my guess would be that some JavaScript files are loaded from our xobor.de server, and since xobor.de and xobor.com are obviously two different "sites", your member's antivirus program concludes that this is a "cross site scripting" problem.

I'm sure it's nothing to worry about, but could you ask your member which program is alerting him about the XSS-problem and maybe let me know the exact error message or warning?

#3 RE: 538451.xobor.com by jim cooper 06.07.2011 00:09

Many thanks for your reply.
I will forward this to him and ask.
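
Added example, not part of the thread and not Xobor's code: a small audit that reports which scripts a forum page loads from an origin other than the page's own, the situation reply #2 guesses at. The sample HTML and its script paths are constructed; only the two hostnames come from the thread.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class ScriptCollector(HTMLParser):
    """Collects every <script> tag: its src URL, or None for an inline script."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.sources.append(dict(attrs).get("src"))

def origin(url):
    """Return (scheme, host, port) with the default port filled in."""
    parts = urlsplit(url)
    port = parts.port or {"http": 80, "https": 443}.get(parts.scheme)
    return (parts.scheme, parts.hostname, port)

def audit_scripts(page_url, html):
    """Classify each script on the page as inline, same-origin or cross-origin."""
    collector = ScriptCollector()
    collector.feed(html)
    report = {"inline": 0, "same_origin": [], "cross_origin": []}
    for src in collector.sources:
        if not src:
            report["inline"] += 1
            continue
        # urljoin resolves relative paths and protocol-relative //host URLs
        absolute = urljoin(page_url, src.strip())
        key = "same_origin" if origin(absolute) == origin(page_url) else "cross_origin"
        report[key].append(absolute)
    return report

# Constructed sample page: hostnames follow the thread, paths are made up.
PAGE_URL = "http://538451.xobor.com/"
SAMPLE_HTML = """
<html><head>
<script src="/js/forum.js"></script>
<script src="//xobor.de/js/common.js"></script>
<script src="http://538451.xobor.com:80/js/menu.js"></script>
<script>var x = 1;</script>
</head><body></body></html>
"""

if __name__ == "__main__":
    print(audit_scripts(PAGE_URL, SAMPLE_HTML))
```

Every host in the `cross_origin` list is one the forum operator should recognise and expect; inline scripts are counted separately because they are where member-supplied HTML would show up if it were allowed.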
