I am using aMember Pro version 3.1.8... haven't updated to the newest version. I made too many changes to my template to update. I got my host to fix most of the issues, so I am down to only 2 vulnerabilities that need to be corrected before I am compliant (fingers crossed).

Issue #1: Web Application Cross Site Scripting

The remote web application appears to be vulnerable to cross-site scripting (XSS). The cross-site scripting attack is one of the most common, yet overlooked, security problems facing web developers today. A web site is vulnerable if it displays user-submitted content without sanitizing user input.

General Solution: When accepting user input ensure that you are HTML encoding potentially malicious characters if you ever display the data back to the client. Ensure that parameters and user input are sanitized by doing the following:

# Remove < input and replace with &lt;
# Remove > input and replace with &gt;
# Remove ' input and replace with &#39;
# Remove " input and replace with &quot;
# Remove ) input and replace with &#41;
# Remove ( input and replace with &#40;

Issue #2: Unencrypted Sensitive Form Detected

I think I might have fixed this one, but I may need it to be looked at. The priority is issue #1. Thanks for any help. I've been trying to figure this out for a long time.
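An added example, not part of the original posts and not aMember's code: a Python version of the encoding the scan report's "General Solution" describes, plus a check that reports which of the six listed characters a page still reflects unencoded. The marker strings, the `render_*` templates and all function names are constructed for illustration.

```python
import html

# The six characters named in the scan report's "General Solution".
REPORTED_CHARS = "<>'\"()"


def encode_for_html(value: str) -> str:
    """HTML-encode user input at output time.

    html.escape covers & < > " and '; the parentheses from the report
    are added afterwards as numeric entities.
    """
    out = html.escape(value, quote=True)
    return out.replace("(", "&#40;").replace(")", "&#41;")


def raw_reflections(body: str, start: str, end: str) -> set:
    """Return the reported characters found unencoded between the start
    and end markers, at every place the marked value is reflected."""
    found = set()
    pos = body.find(start)
    while pos != -1:
        stop = body.find(end, pos + len(start))
        if stop == -1:
            break
        segment = body[pos + len(start):stop]
        found.update(c for c in segment if c in REPORTED_CHARS)
        pos = body.find(start, stop + len(end))
    return found


# Constructed templates standing in for a page that echoes a form field.
def render_unsafe(login: str) -> str:
    return '<input name="login" value="%s">' % login


def render_fixed(login: str) -> str:
    return '<input name="login" value="%s">' % encode_for_html(login)


# Constructed test value: unique markers around the six reported characters.
PROBE = "zqxA" + REPORTED_CHARS + "zqxB"

if __name__ == "__main__":
    for name, render in (("unsafe", render_unsafe), ("fixed", render_fixed)):
        leaked = raw_reflections(render(PROBE), "zqxA", "zqxB")
        print(name, "-> unencoded:", "".join(sorted(leaked)) or "none")
```

The encoding belongs in each template that prints request data, applied when the value is written out. Values placed inside script blocks or URLs need the encoding for that context instead of HTML entity encoding.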
3.0.8 is almost 4 years old. Given the number of security, stability and functionality changes in that time frame I would really consider upgrading. The time spent reproducing the templates will be better time spent than trying to retrofit patches for every exploit that has been plugged over the years.
Please contact us via helpdesk (with more detailed info if possible - there should be urls for these problems) and you will get it resolved by Monday.