XSS scripting problem, Sparky Pro upgrade Question
-
ivan.milic
Support Staff - Moderator
10 years 3 months ago #41891
by ivan.milic
Replied by ivan.milic on topic XSS scripting problem, Sparky Pro upgrade Question
I don't see anything wrong with it. That CSS URL is forged in index.php of the template (search for css_request=1 within the file).
-
whyknott
Inactive member - Topic Author
- Member
10 years 3 months ago #41893
by whyknott
Replied by whyknott on topic XSS scripting problem, Sparky Pro upgrade Question
Thanks for taking a look, I don't know what to think now. Maybe it's a false reading on SiteLock's part? Maybe these XSS errors will go away when I upgrade Sparky and Joomla to their latest and greatest versions?
In the meantime, until Joomla 3.4 is released, could you create an easy-to-follow (step-by-step) guide on how to upgrade Sparky to the latest version from 0.96b or older Sparky without screwing up the existing web template created using the older version of Sparky?
This would serve a large amount of your Sparky user community, as I've seen many people asking about this.
-
ivan.milic
Support Staff - Moderator
10 years 3 months ago #41894
by ivan.milic
Replied by ivan.milic on topic XSS scripting problem, Sparky Pro upgrade Question
OK, I have read about XSS on Wikipedia; I can assure you that an attacker cannot exploit template_css.php for an attack.
-
milos
Support Staff - Moderator
10 years 3 months ago #41897
by milos
Replied by milos on topic XSS scripting problem, Sparky Pro upgrade Question
Joomla 3.3.3 has some security problems related to XSS. It was fixed two days ago with the release of Joomla 3.3.4. Make sure you have updated your site and then try checking again with SiteLock.
Thanks
-
whyknott
Inactive member - Topic Author
- Member
10 years 3 months ago #41899
by whyknott
Replied by whyknott on topic XSS scripting problem, Sparky Pro upgrade Question
Gotcha, thanks! I'm running the latest release of Joomla, 2.5.25, so maybe that version has XSS problems too? I just don't want to jump yet, until the process of upgrading from 2.5.25 to 3.4 is easier. One thing I can't stand about Joomla is the fact that upgrading is such a hassle. I'd upgrade no problem to 3.3.4 today if the database schema was the same, but you have to jump through hoops to upgrade. Not to mention, of course, the standard of ensuring that plugins and extensions are compatible. Thanks!
-
milos
Support Staff - Moderator
10 years 3 months ago #41901
by milos
Replied by milos on topic XSS scripting problem, Sparky Pro upgrade Question
I agree with you... Upgrading Joomla is a nightmare. Furthermore, there are always 2 actual versions, now 2.5 and 3.x, previously 1.5 and 2.5....
So much headache for users, not just for beginners! I think this is one of the main reasons why the popularity of Joomla is going down. At the same time, WordPress, which is so user-friendly regarding updates, is more popular every day. The graph of popularity from Google Trends describes this best.
www.google.com/trends/explore#q=joomla%2C%20wordpress&cmpt=q
Thanks