View Full Version : Cross site scripting attack flagged !

27th Jun 2015, 09:32
"NoScript" just flagged a Cross site scripting attack from http://www.arpoc.org/activations/326-june-28h-sunday-river.html It seems to be something to do with "s7.addthis.com"

THis is in the NoScript consol log ...


.d8888b. 888 888
d88P Y88b 888 888
Y88b. 888 888 This is a browser feature intended for
"Y888b. 888888 .d88b. 88888b. 888 developers. If someone told you to copy
"Y88b. 888 d88""88b 888 "88b 888 and paste something here to enable a
"888 888 888 888 888 888 Y8P Facebook feature or "hack" someone's
Y88b d88P Y88b. Y88..88P 888 d88P account, it is a scam and will give them
"Y8888P" "Y888 "Y88P" 88888P" 888 access to your Facebook account.

For more information, see https://www.facebook.com/selfxss.


27th Jun 2015, 17:30
Thats interesting. the addthis plugin is disabled so it shouldn't be doing anything!

I'll take a look in to it.

28th Jun 2015, 18:46
Looks like this is a common problem with the addthis script.

The script is safe and seems to load on every page (strange how the warning only comes up on that page though). We don't use it here anyway so I have removed it just to be sure we are all safe.

Good catch Peter. Please let me know if the error is gone.