Hi everyone. Today I started working with some of the member options/features for items that are required in order to join, items that can be viewed by admin, members, visitors, and so on. I didn't make any major changes since I didn't add any new fields, but I did remove the mandatory setting from some options and I did remove a couple of fields that would be visible to visitors. When I was done, I received the following in an email message, and I was wondering if this message contains something for me to be concerned about. Our server has a firewall and several other features/modules in place to make it very secure; that's why that email content kinda threw me for a loop. Any insight would be appreciated. Thank you.
Total impact: 24
Affected tags: xss, csrf
Variable: REQUEST.Caption | Value: I have read and agreed with <a href=\"terms_of_use.php\" target=\"_blank\">Terms of Use</a>.
Impact: 12 | Tags: xss, csrf
Description: finds html breaking injections including whitespace attacks | Tags: xss, csrf | ID: 1
Description: finds attribute breaking injections including whitespace attacks | Tags: xss, csrf | ID: 2
Description: Detects obfuscated script tags and XML wrapped HTML | Tags: xss | ID: 33
Variable: POST.Caption | Value: I have read and agreed with <a href=\"terms_of_use.php\" target=\"_blank\">Terms of Use</a>.
Impact: 12 | Tags: xss, csrf
Description: finds html breaking injections including whitespace attacks | Tags: xss, csrf | ID: 1
Description: finds attribute breaking injections including whitespace attacks | Tags: xss, csrf | ID: 2
Description: Detects obfuscated script tags and XML wrapped HTML | Tags: xss | ID: 33
REMOTE_ADDR: 72.185.196.38
HTTP_X_FORWARDED_FOR:
HTTP_CLIENT_IP:
SCRIPT_FILENAME: /var/www/virtual/REMOVED/htdocs/administration/fields.parse.php
QUERY_STRING:
REQUEST_URI: /administration/fields.parse.php
QUERY_STRING:
SCRIPT_NAME: /administration/fields.parse.php
PHP_SELF: /administration/fields.parse.php