We had our first security scan over the weekend since moving to WiredTree and we failed miserably. I've been working with the host since then to resolve things. We did upgrade the version of PHP and that solved about half of the vulnerabilities that the scan found. Now we are down to a small list of remaining things. The host says they COULD disable these, but they don't know what they are and they don't want to break something we are using.
Here is a list of the things I'm referring to that are listed as the outstanding issues:
- admin access to web application (MailWorks)
- phpBB allows cross site scripting
- Advanced Guestbook allows cross site scripting
- Script allows SQL injection (Cerberus Helpdesk)
- Unauthorized Access via W Server (ByteHoard)
- Cerberus Helpdesk cross site scripting
- phpWebSite allows cross site scripting
- Cross site scripting vulnerability in sort_order parameter to /class-rings/compass-collection.html
- Cross site scripting vulnerability in sort_by parameter to /class-rings/compass-collection.html
Any feedback on resolving these would be appreciated.