Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
By rahuldata on
After scanning from testing tool we found below drupal's files Reflected Cross Site Scripting
index-with-imagick.php
page_manager.admin.inc
facebook_pages.php
login.php
timeline.php
widget\index.php
menu.php
special_textscroller.php
hybrid\auth.php
hybridauth\install.php
php\index.php
social_hub\profile.php
social_hub\status.php
class.krumo.php
Please help me to provide the solution for How to prevent drupal's files from Reflected Cross Site Scripting?
Comments
These files look like they
These files look like they are not from Drupal but are parts of external libraries. You should work with the vendor of the external libraries to understand the problems and fix them.
If the files are not used by your site its possible you can just remove them (this is often the case that 3rd party library code has example files that are not used by Drupal sites).
--
Morris Animal Foundation