Security Scan

We had our first security scan over the weekend since moving to WiredTree and we failed miserably. I’ve been working with the host since then to resolve things. We did upgrade the version of PHP and that solved about half of the vulnerabilities that the scan found. Now we are down to a small list of remaining things. The host says COULD disable these, but they don’t know what they are and they don’t want to break something we are using.

Here is a list of the things I'm referring to that are listed as the outstanding issues:

  • admin access to web application (MailWorks)
  • phpBB allows cross site scripting
  • Advanced Guestbook allows cross site scripting
  • Script allows SQL injection (Cerberus Helpdesk)
  • Unauthorized Access via W Server (ByteHoard)
  • Cerberus Helpdesk cross site scripting
  • phpWebSite allows cross site scripting
  • Cross site scripting vulnerability in sort_order parameter to /class-rings/compass-collection.html
  • Cross site scripting vulnerability in sort_by parameter to /class-rings/compass-collection.html

    Any feedback on resolving these would be appreciated.


It kinds of sounds like you need to get with “Cerberus Helpdesk” on lot of these. When we have problems with our scan outside the scope of our host we go to the software company who created the program.

Also get rid of (remove, delete ect…) Advanced Guestbook, phpWebsite and Advanced Guestbook - Sno