Cross site scripting attack flagged !

G0DZB

Member #84
Award Moderator
"NoScript" just flagged a Cross site scripting attack from http://www.arpoc.org/activations/326-june-28h-sunday-river.html It seems to be something to do with "s7.addthis.com"

THis is in the NoScript consol log ...

"


Code:
 .d8888b.  888                       888    
d88P  Y88b 888                       888    
Y88b.      888                       888    This is a browser feature intended for 
 "Y888b.   888888  .d88b.  88888b.   888    developers. If someone told you to copy 
    "Y88b. 888    d88""88b 888 "88b  888    and paste something here to enable a 
      "888 888    888  888 888  888  Y8P    Facebook feature or "hack" someone's 
Y88b  d88P Y88b.  Y88..88P 888 d88P         account, it is a scam and will give them 
 "Y8888P"   "Y888  "Y88P"  88888P"   888    access to your Facebook account.
                           888              
                           888              
                           888
For more information, see https://www.facebook.com/selfxss.
"

HTH
 

M0LMK

Member #2
Full Member
Staff member
Thats interesting. the addthis plugin is disabled so it shouldn't be doing anything!

I'll take a look in to it.
 

M0LMK

Member #2
Full Member
Staff member
Looks like this is a common problem with the addthis script.

The script is safe and seems to load on every page (strange how the warning only comes up on that page though). We don't use it here anyway so I have removed it just to be sure we are all safe.

Good catch Peter. Please let me know if the error is gone.
 
Top