My website protection scanners have found a cross-site scripting vulnerability in what appears to be the contact page of the Rethink theme. How can I fix this issue? Thanks!

Here is what they found for cookie injection:

contact/ [comments=<script>document.cookie="testldpb=3529;"</script>]
-------- output --------
<li>
<label for="commentsText">Message:</label>
<textarea name="comments" id="commentsText" rows="20" cols="30" class="r equired requiredField"><script>document.cookie="testldpb=3529;"</script> </textarea>
</li>
<li>

Cross Site scripting vulnerability

/contact/ [comments=<IMG SRC="javascript:alert(104);">]
-------- output --------
<li>
<label for="commentsText">Message:</label>
<textarea name="comments" id="commentsText" rows="20" cols="30" class="r equired requiredField"><IMG SRC="javascript:alert(104);"></textarea>
</li>
<li>
Hello,

We are looking into this issue and will update the "contact template" with the next theme version update.

Thanks & Regards
Nitesh Raghuwanshi
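Added example, not the Rethink theme's own code and not from the theme author: the scanner output in the question shows the submitted `comments` value echoed back into the textarea unchanged, and this sketch puts that behaviour beside an escaped version. The function names are hypothetical and the theme's real template may differ; only the field name, the textarea markup and the two sample values come from the scanner output. In a WordPress template the escaping step is `esc_textarea()`; plain `htmlspecialchars()` is used here so the script runs without WordPress loaded.

```php
<?php
// Hypothetical stand-in for the contact template's "Message" field.
const FIELD_OPEN = '<textarea name="comments" id="commentsText" rows="20" cols="30">';

// Before: the submitted value is written back into the form as-is,
// which is the behaviour the scanner output shows.
function render_message_field_unescaped(array $post): string {
    $value = isset($post['comments']) ? (string) $post['comments'] : '';
    return FIELD_OPEN . $value . '</textarea>';
}

// After: HTML metacharacters are encoded at output time, so the value
// stays text inside the textarea.
// WordPress equivalent: esc_textarea( wp_unslash( $_POST['comments'] ) )
function render_message_field_escaped(array $post): string {
    // Reject non-string input such as comments[]=x instead of rendering it.
    $value = (isset($post['comments']) && is_string($post['comments']))
        ? $post['comments'] : '';
    $safe = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return FIELD_OPEN . $safe . '</textarea>';
}

// True when nothing between the textarea tags contains a raw "<",
// i.e. no markup from the request was reflected into the page.
function field_body_is_inert(string $html): bool {
    if (!preg_match('~<textarea[^>]*>(.*)</textarea>$~s', $html, $m)) {
        return false;
    }
    return strpos($m[1], '<') === false;
}

// Sample inputs: the two values reported by the scanner in the question.
$samples = [
    '<script>document.cookie="testldpb=3529;"</script>',
    '<IMG SRC="javascript:alert(104);">',
];

foreach ($samples as $value) {
    $post   = ['comments' => $value];
    $before = render_message_field_unescaped($post);
    $after  = render_message_field_escaped($post);
    printf("unescaped inert: %s\n", var_export(field_body_is_inert($before), true));
    printf("escaped   inert: %s\n", var_export(field_body_is_inert($after), true));
    echo $after, "\n\n";
}
```

Re-running the same scanner against the contact page after the template change is the simplest way to confirm the reflection is gone.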