Gravity Support Forums Topic: Reflected Cross-Site Scripting (XSS) Vulnerabilities https://legacy.forums.gravityhelp.com/topic/reflected-cross-site-scripting-xss-vulnerabilities Gravity Support Forums Topic: Reflected Cross-Site Scripting (XSS) Vulnerabilities en-US Mon, 20 Apr 2026 03:24:41 +0000 http://bbpress.org/?v=1.0.1 <![CDATA[Search]]> q https://legacy.forums.gravityhelp.com/search.php Alan Chapman on "Reflected Cross-Site Scripting (XSS) Vulnerabilities" https://legacy.forums.gravityhelp.com/topic/reflected-cross-site-scripting-xss-vulnerabilities#post-52806 Sun, 18 Mar 2012 23:46:32 +0000 Alan Chapman 52806@https://legacy.forums.gravityhelp.com/ <p>I'm using Sitelock and they picked up xss vulernabilities on my drop down fields can you help? </p> parthenon on "Reflected Cross-Site Scripting (XSS) Vulnerabilities" https://legacy.forums.gravityhelp.com/topic/reflected-cross-site-scripting-xss-vulnerabilities#post-51742 Thu, 08 Mar 2012 11:24:10 +0000 parthenon 51742@https://legacy.forums.gravityhelp.com/ <p>Thanks for the fix.<br /> The Qualys scan is passing now. </p> Alex Cancado on "Reflected Cross-Site Scripting (XSS) Vulnerabilities" https://legacy.forums.gravityhelp.com/topic/reflected-cross-site-scripting-xss-vulnerabilities#post-51510 Tue, 06 Mar 2012 18:00:20 +0000 Alex Cancado 51510@https://legacy.forums.gravityhelp.com/ <p>I was able to pinpoint and address both of these vulnerabilities. They will be available this afternoon or tomorrow as part of the 1.6.3.2 release. </p> Alex Cancado on "Reflected Cross-Site Scripting (XSS) Vulnerabilities" https://legacy.forums.gravityhelp.com/topic/reflected-cross-site-scripting-xss-vulnerabilities#post-51429 Tue, 06 Mar 2012 10:24:11 +0000 Alex Cancado 51429@https://legacy.forums.gravityhelp.com/ <p>Thanks for pointing these out. Let me take a look at it and see what i can do to solve these vulnerabilities. I will keep you posted </p> parthenon on "Reflected Cross-Site Scripting (XSS) Vulnerabilities" https://legacy.forums.gravityhelp.com/topic/reflected-cross-site-scripting-xss-vulnerabilities#post-50926 Wed, 29 Feb 2012 11:55:27 +0000 parthenon 50926@https://legacy.forums.gravityhelp.com/ <p>My client is using Qualys to scan their site and their tool is reporting two XSS issues on a form I created.</p> <p>One of the issues is with a radio buttons field with 'Enable "other" choice' checked.</p> <p><code>&lt;input name=&#39;input_19_other&#39; type=&#39;text&#39; value=&#39;Male &lt;script&gt;_q_q=random()&lt;/script&gt;&#39; onfocus=&#39;jQuery(this).prev(&quot;input&quot;).attr(&quot;checked&quot;, true); if(jQuery(this).val() == &quot;Other&quot;) { jQuery(this).val(&quot;&quot;); }&#39; onblur=&#39;if(jQuery(this).val().replace(&quot; &quot;, &quot;&quot;) == &quot;&quot;) { jQuery(this).val(&quot;Other&quot;); }&#39; tabindex=&#39;104&#39; /&gt;</code></p> <p>The other issue is with a hidden input.</p> <p><code>&lt;input type=&#39;hidden&#39; name=&#39;gform_ajax&#39; value=&#39;form_id=7&amp;title=&amp;description= &lt;script&gt;_q_q=random()&lt;/script&gt;&#39; /&gt;</code></p> <p>Is there a fix for this? Is this a known issue? </p>