VirtueMart Forum

VirtueMart 2 + 3 + 4 => Security (https) / Performance / SEO, SEF, URLs => Topic started by: batboiko on September 05, 2013, 19:28:26 PM

Title: CSRF protection implemented
Post by: batboiko on September 05, 2013, 19:28:26 PM
Someone just scanned my website and sent me this:

Acunetix WVS found a HTML form with no apparent CSRF protection implemented. Consult details for more information about the affected HTML form.

Attack details
Form name: userForm
Form action: https://mywebsite.com/your-details.html
Form method: POST

Form inputs:

username [Text]
name [Text]
password [Password]
password2 [Password]
email [Text]
company [Text]
title [Select]
first_name [Text]
middle_name [Text]
last_name [Text]
address_1 [Text]
address_2 [Text]
zip [Text]
city [Text]
virtuemart_country_id [Select]
virtuemart_state_id [Select]
phone_1 [Text]
phone_2 [Text]
fax [Text]
Maywecontactyou [Select]
atcf [Text]
Ethics [Select]
Terms [Select]
task [Hidden]
address_type [Hidden]
option [Hidden]
controller [Hidden]

How can I fix that?

Title: Re: CSRF protection implemented
Post by: batboiko on September 08, 2013, 05:36:09 AM
Bump

Title: Re: CSRF protection implemented
Post by: jenkinhill on September 08, 2013, 11:42:24 AM
On-line scanners are notoriously unreliable so any reports should be investigated with great care.

Have you updated to the current security fixed version? http://virtuemart.net/news/list-all-news/446-important-security-release-vm-team-at-joomladay-germany

Title: Re: CSRF protection implemented
Post by: batboiko on September 08, 2013, 15:22:09 PM
Thank you for your response. Yes, I'm using the latest VM version.

Acunetix WVS is not an online scanner. It is software.
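
One way to check the scanner's finding by hand, as an added example that is not part of the thread or of VirtueMart's code: parse the rendered page and report POST forms that carry no token-shaped hidden field. It assumes the Joomla convention of a hidden input whose name is a 32-character hex string with value `1`; the sample HTML, its field values and the function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Assumption: a Joomla-style anti-CSRF token is a hidden input whose *name* is
# a 32-character hex string and whose value is "1".
TOKEN_NAME = re.compile(r"[0-9a-f]{32}")


class FormAudit(HTMLParser):
    """Collect the method and hidden inputs of every <form> in a page."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self._current = {"name": a.get("name") or a.get("id", ""),
                             "method": a.get("method", "get").lower(),
                             "hidden": {}}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            if a.get("type", "text").lower() == "hidden":
                self._current["hidden"][a.get("name", "")] = a.get("value", "")

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def forms_without_token(html):
    """Return the names of POST forms with no token-shaped hidden input."""
    audit = FormAudit()
    audit.feed(html)
    return [f["name"] for f in audit.forms
            if f["method"] == "post" and not any(
                TOKEN_NAME.fullmatch(n) and v == "1"
                for n, v in f["hidden"].items())]


# Constructed sample: the hidden field names listed in the report (values are
# made up), plus a second form that does carry a token-shaped field.
SAMPLE = """
<form name="userForm" method="post" action="/your-details.html">
  <input type="hidden" name="task" value="t"><input type="hidden" name="address_type" value="a">
  <input type="hidden" name="option" value="o"><input type="hidden" name="controller" value="c">
</form>
<form name="withToken" method="post" action="/example">
  <input type="hidden" name="0123456789abcdef0123456789abcdef" value="1" />
</form>"""
```

A form reported here still needs a look at the server side: the token only protects the request if the handler rejects submissions where it is missing or wrong.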