good evening,
i'm french please excuse my english, but i have a problem with my web page, i have this alert and i don't now what doing !
thanks
alert no script
alert no script
Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.0.8) Gecko/2009032609 Firefox/2.0.0.7
Re: alert no script
Check Error Console & see if it provides further information on the (potential) XSS & post the information here.
Link: Netvibes
Link: Netvibes
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.21) Gecko/20090403 SeaMonkey/1.1.16
Re: alert no script
I suppose you mind that, it's the message in my console
[NoScript XSS] Nettoyé requête suspicieuse. URL originale [http://1292528297.nvmodules.netvibes.co ... C%2Fdiv%3E] demandée depuis [http://www.netvibes.com/#General]. URL nettoyée : [http://1292528297.nvmodules.netvibes.co ... 5196866220].
[NoScript XSS] Nettoyé requête suspicieuse. URL originale [http://1292528297.nvmodules.netvibes.co ... C%2Fdiv%3E] demandée depuis [http://www.netvibes.com/#General]. URL nettoyée : [http://1292528297.nvmodules.netvibes.co ... 5196866220].
Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.0.8) Gecko/2009032609 Firefox/2.0.0.7 (.NET CLR 3.5.30729)
Re: alert no script
up !
Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.0.8) Gecko/2009032609 Firefox/2.0.0.7 (.NET CLR 3.5.30729)
- Giorgio Maone
- Site Admin
- Posts: 9454
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: alert no script
NoScript is correct.
That page is actually vulnerable to XSS: try to open this url on a browser without NoScript.
IE8 will detect the XSS. Other browsers (including Firefox without NoScript) will show a XSS popup I'm injecting on the target page.
I strongly advidse to disable the Good Planet widget.
That page is actually vulnerable to XSS: try to open this url on a browser without NoScript.
IE8 will detect the XSS. Other browsers (including Firefox without NoScript) will show a XSS popup I'm injecting on the target page.
I strongly advidse to disable the Good Planet widget.
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8 (.NET CLR 3.5.30729)
Re: alert no script
thanks, but i can't disable this widget
Opera/9.64 (Windows NT 6.0; U; fr) Presto/2.1.1
- Giorgio Maone
- Site Admin
- Posts: 9454
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: alert no script
Then the less risky thing you can do then is granting the netvibes.com main page a free pass for sending XSS like request, by adding the following line in NoScript Options|Advanced|XSS|Exceptions:g113 wrote:thanks, but i can't disable this widget
Code: Select all
^@http://www.netvibes.com/
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8 (.NET CLR 3.5.30729)
Re: alert no script
thank you very much
it works
it works
Mozilla/5.0 (Windows; U; Windows NT 6.0; fr; rv:1.9.0.8) Gecko/2009032609 Firefox/2.0.0.7