<?xml version="1.0" encoding="UTF-8"?>
	<rss version="2.0"
		xmlns:content="http://purl.org/rss/1.0/modules/content/"
		xmlns:wfw="http://wellformedweb.org/CommentAPI/"
		xmlns:dc="http://purl.org/dc/elements/1.1/"
		xmlns:atom="http://www.w3.org/2005/Atom"

			>

	<channel>
		<title>BlueOwlCreative  &#187;  Topic: XSS scan vulnerability</title>
		<atom:link href="http://blueowlcreative.com/support_wp/forums/topic/xss-scan-vulnerability/feed/" rel="self" type="application/rss+xml" />
		<link>http://blueowlcreative.com/support_wp/forums/topic/xss-scan-vulnerability/feed/</link>
		<description></description>
		<pubDate>Fri, 17 Jul 2026 11:16:52 +0000</pubDate>
		<generator>http://bbpress.org/?v=2.5.3-5249</generator>
		<language>en-US</language>

		
														
					
				<item>
					<guid>http://blueowlcreative.com/support_wp/forums/topic/xss-scan-vulnerability/#post-27076</guid>
					<title><![CDATA[XSS scan vulnerability]]></title>
					<link>http://blueowlcreative.com/support_wp/forums/topic/xss-scan-vulnerability/#post-27076</link>
					<pubDate>Mon, 15 Feb 2016 21:05:06 +0000</pubDate>
					<dc:creator>BigWorld</dc:creator>

					<description>
						<![CDATA[
						<p>HI there.<br />
My client moved to Host Gator and we got Sitelock. They flagged us for 3 lines of code during the XSS scan:<br />
URL:<a href="http://www.bonnetpro.com?=1&#038;s=1 Cross" rel="nofollow">http://www.bonnetpro.com?=1&#038;s=1 Cross</a> site scripting vulnerability found in args:,s<br />
URL:<a href="http://www.bonnetpro.com?=Search&#038;s=1 Cross" rel="nofollow">http://www.bonnetpro.com?=Search&#038;s=1 Cross</a> site scripting vulnerability found in args:,s<br />
URL:<a href="https://www.bonnetpro.com?=1&#038;s=1 Cross" rel="nofollow">https://www.bonnetpro.com?=1&#038;s=1 Cross</a> site scripting vulnerability found in args:,s</p>
<p>Until we fix these, they have &#8216;decertified&#8217; us. I am at a loss since I am not a coder and did not know if this is a theme related issue.</p>
<p>Do you have any fixes for this?<br />
Thanks very much. You have been very helpful, recently with A Fortuna Revolution slider problem. You found and fixed it! Thanks you, Kal.</p>
<p>Best,<br />
Elaine</p>
						]]>
					</description>

					
					
				</item>

			
				<item>
					<guid>http://blueowlcreative.com/support_wp/forums/topic/xss-scan-vulnerability/#post-27084</guid>
					<title><![CDATA[Reply To: XSS scan vulnerability]]></title>
					<link>http://blueowlcreative.com/support_wp/forums/topic/xss-scan-vulnerability/#post-27084</link>
					<pubDate>Tue, 16 Feb 2016 08:27:44 +0000</pubDate>
					<dc:creator>BlueOwl</dc:creator>

					<description>
						<![CDATA[
						<p>Hi Elaine,</p>
<p>Where exactly is the XSS here?<br />
Could it be that the actual scripting is stripped here in the forum? May you use the CODE html button to wrap your code?</p>
						]]>
					</description>

					
					
				</item>

			
				<item>
					<guid>http://blueowlcreative.com/support_wp/forums/topic/xss-scan-vulnerability/#post-27135</guid>
					<title><![CDATA[Reply To: XSS scan vulnerability]]></title>
					<link>http://blueowlcreative.com/support_wp/forums/topic/xss-scan-vulnerability/#post-27135</link>
					<pubDate>Tue, 16 Feb 2016 15:50:56 +0000</pubDate>
					<dc:creator>BigWorld</dc:creator>

					<description>
						<![CDATA[
						<p>URL:<a href="http://www.bonnetpro.com?=1&#038;s=1 " rel="nofollow">http://www.bonnetpro.com?=1&#038;s=1 </a><br />
URL:<a href="http://www.bonnetpro.com?=Search&#038;s=1" rel="nofollow">http://www.bonnetpro.com?=Search&#038;s=1</a><br />
URL:<a href="https://www.bonnetpro.com?=1&#038;s=1" rel="nofollow">https://www.bonnetpro.com?=1&#038;s=1</a></p>
<p>HI there. I&#8217;m sorry I am not more help but these are the only 3 URLs Sitelock gave me that show whatever it is they are flagging. I&#8217;m not sure what or where the actual code is that generates these URLs.</p>
<p>I am not even sure if this is related to the Savia theme search functions.<br />
Sorry I can not be more help but I am trying to solve the issue for the client.</p>
<p>Thank you&#8230;.</p>
						]]>
					</description>

					
					
				</item>

			
				<item>
					<guid>http://blueowlcreative.com/support_wp/forums/topic/xss-scan-vulnerability/#post-27144</guid>
					<title><![CDATA[Reply To: XSS scan vulnerability]]></title>
					<link>http://blueowlcreative.com/support_wp/forums/topic/xss-scan-vulnerability/#post-27144</link>
					<pubDate>Wed, 17 Feb 2016 09:21:40 +0000</pubDate>
					<dc:creator>BlueOwl</dc:creator>

					<description>
						<![CDATA[
						<p>Hi again,</p>
<p>I am not sure I understand, the theme implements a custom search.php template, but it uses the core $query_string variable for searching that is internally sanitized, so no XSS should be possible here&#8230; ?</p>
						]]>
					</description>

					
					
				</item>

			
				<item>
					<guid>http://blueowlcreative.com/support_wp/forums/topic/xss-scan-vulnerability/#post-27455</guid>
					<title><![CDATA[Reply To: XSS scan vulnerability]]></title>
					<link>http://blueowlcreative.com/support_wp/forums/topic/xss-scan-vulnerability/#post-27455</link>
					<pubDate>Tue, 01 Mar 2016 15:43:35 +0000</pubDate>
					<dc:creator>neogramm</dc:creator>

					<description>
						<![CDATA[
						<p>Hi, same issue here. </p>
<p>The SiteLock scan showed up XSS vulnerability. We tried to explore the causes and looked for a fix on our own. We found out that the Savia theme shows the unfiltered searching-text in title section, so it&#8217;s possible to enter and execute javascript code on the page. We managed to open a pop-up notification through our search field! Only workaround was to disable the search. Afterwards, SiteLock scan succeeded (<a href="http://blueowlcreative.com/support_wp/forums/users/bigworld/" rel="nofollow">@BigWorld</a> perhaps an option for you, too&#8230;)</p>
<p>However, we liked the search very much and want to have it back <img src="http://blueowlcreative.com/support_wp/wp-includes/images/smilies/icon_wink.gif" alt=";)" class="wp-smiley" />  Can you offer any fix for this bug in future updates? In our opinion, this problem also bothers many other users.</p>
<p>Thanks!</p>
						]]>
					</description>

					
					
				</item>

			
				<item>
					<guid>http://blueowlcreative.com/support_wp/forums/topic/xss-scan-vulnerability/#post-27460</guid>
					<title><![CDATA[Reply To: XSS scan vulnerability]]></title>
					<link>http://blueowlcreative.com/support_wp/forums/topic/xss-scan-vulnerability/#post-27460</link>
					<pubDate>Wed, 02 Mar 2016 08:16:19 +0000</pubDate>
					<dc:creator>BlueOwl</dc:creator>

					<description>
						<![CDATA[
						<p>Can you please give me an example of JS being executed? Thanks!</p>
						]]>
					</description>

					
					
				</item>

			
				<item>
					<guid>http://blueowlcreative.com/support_wp/forums/topic/xss-scan-vulnerability/#post-27467</guid>
					<title><![CDATA[Reply To: XSS scan vulnerability]]></title>
					<link>http://blueowlcreative.com/support_wp/forums/topic/xss-scan-vulnerability/#post-27467</link>
					<pubDate>Wed, 02 Mar 2016 09:05:27 +0000</pubDate>
					<dc:creator>neogramm</dc:creator>

					<description>
						<![CDATA[
						<p>Sure:</p>
<p><a href="https://www.neogramm.de/?s=%3C/title%3E%3Cscript%20language=%22javscript%22%20type=%22text/javascript%22%3Ealert%28%27This%20javascript%20could%20do%20anything!%27%29;%3C/script%3E" rel="nofollow">https://www.neogramm.de/?s=%3C/title%3E%3Cscript%20language=%22javscript%22%20type=%22text/javascript%22%3Ealert%28%27This%20javascript%20could%20do%20anything!%27%29;%3C/script%3E</a></p>
<p>In Firefox, with search field enabled, Javascript is opening a pop up window. </p>
<p>Also described here: <a href="https://wordpress.org/support/topic/xss-vulnerability-1" rel="nofollow">https://wordpress.org/support/topic/xss-vulnerability-1</a></p>
						]]>
					</description>

					
					
				</item>

			
				<item>
					<guid>http://blueowlcreative.com/support_wp/forums/topic/xss-scan-vulnerability/#post-27468</guid>
					<title><![CDATA[Reply To: XSS scan vulnerability]]></title>
					<link>http://blueowlcreative.com/support_wp/forums/topic/xss-scan-vulnerability/#post-27468</link>
					<pubDate>Wed, 02 Mar 2016 09:51:49 +0000</pubDate>
					<dc:creator>BlueOwl</dc:creator>

					<description>
						<![CDATA[
						<p>Hi again,</p>
<p>The issue is actually in the header.php, please replace this line:</p>
<p><code>printf( __(&#039;Search: %s&#039;,&#039;Savia&#039;), get_query_var(&#039;s&#039;) );</code></p>
<p>with this:</p>
<p><code>printf( __(&#039;Search: %s&#039;,&#039;Savia&#039;), strip_tags(get_query_var(&#039;s&#039;)) );</code></p>
						]]>
					</description>

					
					
				</item>

			
				<item>
					<guid>http://blueowlcreative.com/support_wp/forums/topic/xss-scan-vulnerability/#post-27473</guid>
					<title><![CDATA[Reply To: XSS scan vulnerability]]></title>
					<link>http://blueowlcreative.com/support_wp/forums/topic/xss-scan-vulnerability/#post-27473</link>
					<pubDate>Wed, 02 Mar 2016 13:46:39 +0000</pubDate>
					<dc:creator>neogramm</dc:creator>

					<description>
						<![CDATA[
						<p>Thanks guys, works perfectly well. Everything is fine now. Great!</p>
						]]>
					</description>

					
					
				</item>

					
		
	</channel>
	</rss>

