A few months ago I wrote a tutorial, "jQuery contact form", for my blog, and many people using it have said thanks and asked questions on that tutorial. Recently I received a comment stating that the form has a cross-site scripting vulnerability because of a regex expression. You can see that here http://goo.gl/YeOed and check the last comment. But I am not using a regex in JavaScript, nor am I displaying the user inputs directly.
The only thing I have in mind to change in the code is $_REQUEST to $_POST, because $_REQUEST will accept both GET and POST requests.
However, I need your advice on removing any such insecure code from my form so that people can use it without doubt.
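As an added illustration (not code from the tutorial or from the question author), here is a minimal PHP handler that reads only $_POST, validates each field, and HTML-escapes anything it echoes back; the field names, the function names and the placeholder recipient are assumptions.

```php
<?php
// Added example, not the tutorial's code. Field names (name, email, message)
// and the recipient placeholder are assumptions.
declare(strict_types=1);

function handle_contact(array $post): array
{
    // Only POST data is consulted: unlike $_REQUEST, query-string (GET) and
    // cookie values cannot populate these fields.
    $name    = trim((string)($post['name'] ?? ''));
    $email   = trim((string)($post['email'] ?? ''));
    $message = trim((string)($post['message'] ?? ''));

    $errors = [];
    if ($name === '' || mb_strlen($name) > 100) {
        $errors[] = 'Name is required (max 100 characters).';
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'A valid email address is required.';
    }
    // CR/LF in header-bound fields would let a value add extra mail headers.
    if (preg_match('/[\r\n]/', $name . $email) === 1) {
        $errors[] = 'Invalid characters in name or email.';
    }
    if ($message === '' || mb_strlen($message) > 5000) {
        $errors[] = 'Message is required (max 5000 characters).';
    }
    return ['ok' => $errors === [], 'errors' => $errors,
            'name' => $name, 'email' => $email, 'message' => $message];
}

// Escape for an HTML context before echoing anything user-supplied.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $r = handle_contact($_POST);
    if ($r['ok']) {
        // Delivery is left out; RECIPIENT_PLACEHOLDER stands for the real address.
        // mail('RECIPIENT_PLACEHOLDER', 'Contact form', $r['message'], 'From: ' . $r['email']);
        echo 'Thanks, ' . h($r['name']) . ', your message was received.';
    } else {
        foreach ($r['errors'] as $e) {
            echo '<p>' . h($e) . '</p>';
        }
    }
}
```

Note that escaping with htmlspecialchars() is only correct for an HTML body context; a value placed into a JavaScript string or an attribute without quotes needs context-specific encoding.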
Luis Cordova answers:
I would use CSRF, hope that helps.
Kannan C comments:
Hi Luis Cordova, thanks for the reply. I am already using Nmap but it is not mentioning any error.
Julio Potier answers:
Hello
I'm Julio and I'm a Web Security Consultant. I audited your code and your script is not vulnerable to any XSS flaw, nor to any other flaw.
It is vulnerable to CSRF, but we never fix CSRF on a contact form; instead we use captchas.
See you!
Kannan C comments:
Hi Julio, thank you very much for analyzing my code. Good day!