By Jeff Millman on Saturday, 05 August 2017
Posted in General
Replies 14
Likes 0
Views 365
Votes 0
Greetings,
My host told me that my site scan discovered an XSS vulnerability within the Easy Blog login.

I don't really need that functionality, I compose all my posts on the backend and don't need to login on the front end.

Can I remove the login capability from within Easy Blog pages? The "lock" icon is what I am referring to.

Or . . . is there anything else I can do to remove the threat?

Thanks.
Hey Jeff,

I am really sorry for the delay of this reply as it is a weekend for us here. Does your web hosting provider have any reports on the XSS report? If they could provide us the steps to replicate this, we'll take a look into this.
Saturday, 05 August 2017 23:08
Hi Mark. Thanks so much for getting back to me. I just got home from work, so I did not have time to look at any of the links.

This is the report that I got from my host. Not sure if this helps shed light on the issue for you.

URL:http://www.chicagopaws.com/about-jeff/blog/login.html?return=aHR0cDovL3d3dy5jaGljYWdvcGF3cy5jb20vYWJvdXQtamVmZi9ibG9nL2NvbXBvc2VyLmh0bWw/dG1wbD1jb21wb25lbnQ=
Description:return

URL:http://www.chicagopaws.com/about-jeff/blog/login.html?return=aHR0cDovL3d3dy5jaGljYWdvcGF3cy5jb20vYWJvdXQtamVmZi9ibG9nL2NvbXBvc2VyLmh0bWw/dG1wbD1jb21wb25lbnQmdWlkPTY5
Description:return

URL:http://www.chicagopaws.com/about-jeff/blog/login.html?return=aHR0cDovL3d3dy5jaGljYWdvcGF3cy5jb20vYWJvdXQtamVmZi9ibG9nL2NvbXBvc2VyLmh0bWw/dG1wbD1jb21wb25lbnQmdWlkPTYz
Description:return

URL:http://www.chicagopaws.com/about-jeff/blog/login.html?return=aHR0cDovL3d3dy5jaGljYWdvcGF3cy5jb20vYWJvdXQtamVmZi9ibG9nL2NvbXBvc2VyLmh0bWw/dG1wbD1jb21wb25lbnQmdWlkPTc3
Description:return

URL:http://www.chicagopaws.com/about-jeff/blog/login.html?return=aHR0cDovL3d3dy5jaGljYWdvcGF3cy5jb20vYWJvdXQtamVmZi9ibG9nL2NvbXBvc2VyLmh0bWw/dG1wbD1jb21wb25lbnQmdWlkPTgx
Description:return

URL:http://www.chicagopaws.com/about-jeff/blog/login.html?return=aHR0cDovL3d3dy5jaGljYWdvcGF3cy5jb20vYWJvdXQtamVmZi9ibG9nL2NvbXBvc2VyLmh0bWw/dG1wbD1jb21wb25lbnQmdWlkPTk4
Description:return

URL:http://www.chicagopaws.com/about-jeff/blog/login.html?return=aHR0cDovL3d3dy5jaGljYWdvcGF3cy5jb20vYWJvdXQtamVmZi9ibG9nL2NvbXBvc2VyLmh0bWw/dG1wbD1jb21wb25lbnQmdWlkPTky
Description:return

URL:http://www.chicagopaws.com/about-jeff/blog/login.html?return=aHR0cDovL3d3dy5jaGljYWdvcGF3cy5jb20vYWJvdXQtamVmZi9ibG9nL2NvbXBvc2VyLmh0bWw/dG1wbD1jb21wb25lbnQmdWlkPTkz
Description:return
Sunday, 06 August 2017 09:12
Hello Jeff,

I am really sorry for the delay of this reply as it is a weekend for us here. I believe these are false positive reports as these are actually return redirection and it's not really an "xss". You have the same problems with Joomla's login form, as you can see here, http://take.ms/VCydiS
Sunday, 06 August 2017 16:59
Thanks so much for your response. Does this mean that there isn't a problem that I need to address? One time in the past my host shut down my site temporarily since I am on a shared server and they were concerned that the problem would impact other sites on the server.

That, I believe, was a malware problem and I simply had to delete the impacted files which thankfully were on an old version of my site.

I am not sure, at this point, how to "fix" this problem and I don't want to pay them for their help if it is unnecessary. My site scan found this and I pay for this service through my host.

Any suggestions would be appreciated.

Thanks so much.
Sunday, 06 August 2017 20:01
Hey Jeff,

I don't think there's anything that you need to worry here as this is a false positive but you could actually share this link to your web host as this is from Joomla's core too.

[gist]
http://www.chicagopaws.com/index.php?option=com_users&view=login&return=aHR0cDovL3d3dy5jaGljYWdvcGF3cy5jb20vYWJvdXQtamVmZi9ibG9nL2NvbXBvc2VyLmh0bWw/dG1wbD1jb21wb25lbnQmdWlkPTky
[/gist]
Sunday, 06 August 2017 21:33
Thanks
Sunday, 06 August 2017 21:49
Actually which link should I show them? Thanks for your help.
Sunday, 06 August 2017 21:50
Hey Jeff,

The one that I placed in the gist code section.
Sunday, 06 August 2017 22:33
Hi. This is the response that I received from SiteLock that scans my site.

------------

Hello Jeff,

I hope you are having a pleasant morning so far. I want to confirm that these are in fact legitimate Cross Site Scripting Vulnerabilities and that they are not false positives.
What's happening is on your member login page for your blog, when people log in to the page it is not coded to filter the page that pops up next after, so it is open to become a redirect page, phishing page, or worse.

Your IT specialist stated that they believe it is not XSS because of "return redirection"; the issue is once the individual logs in there is no filter on the page that pops up after, leaving it open to phishing attempts. Please bring these issues up with your IT specialist so that they are able to re-code the page so that it is no longer vulnerable. Once your IT specialist finishes then I will run a new XSS scan to confirm that the issues are no longer present.

If your IT specialist has any further questions please have them call me at 480-508-7246 or our 24/7 main line 855-378-6200 so that I can have them speak with our support team to better convey these issues.

----------


Please let me know what I can do.

Thanks.

Jeff
Wednesday, 09 August 2017 00:12
Hey Jeff,

Hm, I am actually pretty speechless from the response of your web host. Anyway, if this would satisfy them, here's what you can do: edit the file /components/com_easyblog/themes/wireframe/login/default.php and at line 64 remove the code below,

[gist]
<input type="hidden" name="return" value="<?php echo $return; ?>" />
[/gist]

Once you have removed this, try to get them to check again.
Wednesday, 09 August 2017 01:04
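For readers who want to keep the "return to where I came from" behaviour rather than delete the hidden field: the scan output above shows that `return` is a base64-encoded URL, and the dispute in this thread is whether an unvalidated value there is a real issue (open redirect / phishing target) or a false positive. The following is an added example, not EasyBlog's or Joomla's own code, of how a template could validate that parameter before echoing it or redirecting to it. The function names `safeReturnUrl` and `renderReturnField` are hypothetical, the site host is taken from the URLs in the report, and the sample inputs are constructed for the demonstration.

```php
<?php
// Added example (not EasyBlog/Joomla code): accept a base64-encoded "return"
// value only when it points back to this site, then escape it for HTML.

/**
 * Decode the base64 "return" value and accept it only if it is either a
 * relative path starting with a single "/" or an absolute http(s) URL whose
 * host equals $siteHost. Any other value yields null (treat as "no return").
 */
function safeReturnUrl(?string $encoded, string $siteHost): ?string
{
    if ($encoded === null || $encoded === '') {
        return null;
    }
    // Strict mode makes base64_decode() return false on invalid input.
    $decoded = base64_decode($encoded, true);
    if ($decoded === false) {
        return null;
    }
    // Control characters (including CR/LF) have no place in a URL.
    if (preg_match('/[\x00-\x1F\x7F]/', $decoded)) {
        return null;
    }
    $parts = parse_url($decoded);
    if ($parts === false) {
        return null;
    }
    $scheme = strtolower($parts['scheme'] ?? '');
    $host   = strtolower($parts['host'] ?? '');

    // Relative path: exactly one leading "/" ("//host/..." is scheme-relative
    // and would leave the site).
    if ($scheme === '' && $host === '') {
        $ok = strncmp($decoded, '/', 1) === 0 && strncmp($decoded, '//', 2) !== 0;
        return $ok ? $decoded : null;
    }
    // Absolute URL: only http/https and only our own host.
    if (($scheme === 'http' || $scheme === 'https') && $host === strtolower($siteHost)) {
        return $decoded;
    }
    return null;
}

/** Render the hidden field only for a validated target, HTML-escaped. */
function renderReturnField(?string $encoded, string $siteHost): string
{
    $url = safeReturnUrl($encoded, $siteHost);
    if ($url === null) {
        return '';
    }
    // Re-encode the validated URL so the form keeps the same base64 format.
    return '<input type="hidden" name="return" value="'
        . htmlspecialchars(base64_encode($url), ENT_QUOTES, 'UTF-8') . '" />';
}

// Constructed sample inputs for a local run (php this_file.php).
$site = 'www.chicagopaws.com';
$samples = [
    // Same-host composer URL, like the ones in the scan report: accepted.
    base64_encode('http://www.chicagopaws.com/about-jeff/blog/composer.html?tmpl=component'),
    // Relative path on this site: accepted.
    base64_encode('/about-jeff/blog/'),
    // Constructed external host: rejected.
    base64_encode('http://example.invalid/somewhere'),
    // Scheme-relative URL: rejected.
    base64_encode('//example.invalid/somewhere'),
    // Non-http scheme: rejected.
    base64_encode('javascript:void(0)'),
    // Not valid base64 at all: rejected.
    'not*base64',
];
foreach ($samples as $s) {
    $result = safeReturnUrl($s, $site);
    printf("%-24s -> %s\n", substr($s, 0, 24), $result === null ? 'REJECTED' : 'ok: ' . $result);
}
echo renderReturnField($samples[0], $site), "\n";
```

The two checks that matter are the host comparison on absolute URLs (so `http://www.chicagopaws.com.example.invalid/` or a userinfo trick like `http://www.chicagopaws.com@example.invalid/` fail, because `parse_url()` reports the real host) and the single-slash rule for relative paths. Whatever code later performs the redirect should call the same validator rather than trusting the hidden field, since the field is client-controlled.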
Thanks so much for all your help. This is way over my head so I really am looking to you for guidance. I will do that when I get home and let you know. Thanks so much.
Wednesday, 09 August 2017 01:39
You're welcome Jeff, keep us updated then.
Wednesday, 09 August 2017 10:13