• I just logged into one of my sites to look at the iThemes Security security logs, and when I clicked on the Logs tab I received a JavaScript alert box with "/openvas-xss-test/". At first I freaked out that something was wrong, so I looked at the source code to see what caused it, and here is the line, for the <td class='data column-data'>:

    <tr><td class='function column-function'>404 Error</td><td class='priority column-priority'>3</td><td class='time column-time'>2016-03-25 13:56:25</td><td class='host column-host'>107.6.137.66</td><td class='user column-user'></td><td class='url column-url'>/w-cms/</td><td class='referrer column-referrer'></td><td class='data column-data'><div class="itsec-all-log-dialog" id="itsec-log-all-row-19" style="display:none;">

    <h3>query_string = p=<script>alert(/openvas-xss-test/)</script></h3>

    </div>Details</td></tr>

    From the access log file here is the link that was logged.
    107.6.137.66 - - [25/Mar/2016:08:56:25 -0500] "GET /w-cms/?p=<script>alert(/openvas-xss-test/)</script> HTTP/1.0" 404 42759 "-" "Mozilla/5.0 [en] (X11, U; OpenVAS 7.0.5)"

    Should this be happening, or should this be escaped, or should phrases like "<script>alert(/openvas-xss-test/)</script>" be split up, to prevent it from occurring to users just viewing their logs?

    https://www.ads-software.com/plugins/better-wp-security/
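An added example, not code from this thread or from the iThemes Security plugin: a Python script that parses the access-log line quoted above (reproduced here as constructed sample input, plus a constructed benign line as a control), renders the "query_string" detail cell two ways, the unescaped way the page source above shows and the HTML-escaped way it should be rendered, and flags the request as a scanner XSS probe from the access log alone. The function names, the combined-log regex and the detection rule are this example's own assumptions; html.escape() stands in for what would be esc_html() in a WordPress plugin.

```python
import html
import re
from urllib.parse import unquote, urlsplit

# Constructed sample input: the access-log line quoted in the post (an
# OpenVAS 7.0.5 XSS probe against /w-cms/ that produced a 404).
SAMPLE_LOG_LINE = (
    '107.6.137.66 - - [25/Mar/2016:08:56:25 -0500] '
    '"GET /w-cms/?p=<script>alert(/openvas-xss-test/)</script> HTTP/1.0" '
    '404 42759 "-" "Mozilla/5.0 [en] (X11, U; OpenVAS 7.0.5)"'
)

# Second constructed line: an ordinary request, used as a negative control.
BENIGN_LOG_LINE = (
    '10.0.0.1 - - [25/Mar/2016:08:57:00 -0500] '
    '"GET /w-cms/?p=42 HTTP/1.1" 200 512 "-" "Mozilla/5.0"'
)

# Apache/nginx "combined" log format (assumption: one request per line and
# no embedded double quotes in the request line).
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>\S+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referrer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def parse_log_line(line):
    """Split one combined-format line into fields; the query string is kept raw."""
    m = LOG_RE.match(line)
    if not m:
        raise ValueError("unrecognised log format: %r" % line)
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    rec["query_string"] = parts.query  # attacker-controlled, stored verbatim
    return rec


def render_details_unsafe(rec):
    """What the post's page source shows: the raw query string dropped into
    the hidden details <div> with no escaping, so the payload runs for
    whoever opens the Logs tab (stored XSS against the site admin)."""
    return '<h3>query_string = %s</h3>' % rec["query_string"]


def render_details_safe(rec):
    """The fix: escape every logged, attacker-controlled field at output time.
    html.escape() plays the role esc_html() would in a WordPress plugin.
    The stored log row stays raw, so forensics still sees the real request."""
    return '<h3>query_string = %s</h3>' % html.escape(rec["query_string"], quote=True)


SCRIPT_TAG_RE = re.compile(r'<\s*script\b', re.IGNORECASE)


def looks_like_xss_probe(rec):
    """Detection over the access log: a <script> tag anywhere in the request
    target (percent-decoded first, so %3Cscript%3E is caught too) or a known
    scanner User-Agent string."""
    target = unquote(rec["target"])
    return bool(SCRIPT_TAG_RE.search(target)) or "OpenVAS" in rec["ua"]


if __name__ == "__main__":
    for line in (SAMPLE_LOG_LINE, BENIGN_LOG_LINE):
        rec = parse_log_line(line)
        verdict = "probe" if looks_like_xss_probe(rec) else "ok"
        print(rec["host"], rec["status"], rec["path"], verdict)
        print("  unsafe:", render_details_unsafe(rec))
        print("  safe:  ", render_details_safe(rec))
```

The escaping belongs at output time, not when the row is written: escaping on write would also corrupt the record for anyone reading the log table directly, and a plugin that later adds a second view would have to remember which fields were already encoded. Escaping every untrusted field at the point it is placed into HTML is the rule that covers both.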

Viewing 5 replies - 1 through 5 (of 5 total)
  • @jontaarcs

    Are you using the latest iTSec plugin release (5.3.4)?

    Dwinden

    Thread Starter jontaarcs

    (@jontaarcs)

    Oops, I did not mention my version; I am on version 5.3.3. I usually wait a week before updating to a new release to avoid any possible bugs.

    I just upgraded to version 5.5.4, then went to the Logs tab, and still get the JavaScript popup. I also went to page 2 and got it to load there for the record I showed above (now at the top of page 2).

    Thanks,

    @jontaarcs

    Ok, I see.

    Once the 404 log record is created in the log table I think it makes no difference whether using the iTSec release 5.3.3 or 5.3.4.
    Just wanted to make sure you are on a recent release.

    What browser and what version of that browser are you using?

    dwinden

    Thread Starter jontaarcs

    (@jontaarcs)

    @dwinden

    Mac (10.11.4), Chrome Version 49.0.2623.108 (64-bit)
    Also just duplicated the alert loading on the logs page in:
    Safari Version 9.1
    Opera Version 36.0.2130.32

    Also I will get an alert for each line that has the alert code. On one page as I was scrolling through to find them I had just one, then the next page I had 4 alerts, for the 4 separate log entries that were on that page.

    Let me know if you need any other information.

    @jontaarcs

    Thank you for providing that info.

    I’m taking a closer look into this. Would it be possible for you to email me at [ redacted, support is not offered via email, Skype, IM etc. only in the forums ]

    Thanks,

    dwinden

  • The topic ‘iThemes Security – a javascript pop up when accessing the logs tab from link’ is closed to new replies.