Page 1 of 1
"Cross site scripting XSS" visited 100th of times
Posted: Thu Mar 13, 2014 8:15 pm
by MoFF
Hello,
First off I'm literately very,
very happy that NoScript exists, as I feel practically naked when on a comp without it!
But... I'm playing League of Legends, and have been visiting a guide site called "mobafire.com" 100th of times, and there has never been anything.
Now I get "Noscript filtered a potential cross-site script XSS attempt from mobafire.com"
I've uploaded 2 screenshots, one of the NoScript console and one of mobafire.com showing the actual message.
http://imageshack.dk/viewimage.php?file ... 741538.png
NoScript console
http://imageshack.dk/viewimage.php?file ... 741672.png
Screen of site in question.
Thank you in advance!
Re: "Cross site scripting XSS" visited 100th of times
Posted: Thu Mar 13, 2014 9:30 pm
by barbaz
Does the site still work properly despite the XSS warning?
If not, could you please post the messages from the Browser Console that start with [NoScript ?
Re: "Cross site scripting XSS" visited 100th of times
Posted: Thu Mar 13, 2014 9:43 pm
by MoFF
There was a short period where it didn't, but now it does, still displaying the same message, though.
Is this the NoScript console?
http://imageshack.dk/viewimage.php?file ... 746970.png
Thank you for your help!
Re: "Cross site scripting XSS" visited 100th of times
Posted: Thu Mar 13, 2014 9:50 pm
by barbaz
You are looking in the right place but those aren't the related messages...
Look there for messages that start with
[NoScript
and post those here in code tags (or upload as another screenshot if you're tripping the spam filter)
Re: "Cross site scripting XSS" visited 100th of times
Posted: Thu Mar 13, 2014 10:07 pm
by Guest
Could it be this you're looking for?
http://imageshack.dk/viewimage.php?file ... 748389.png
Re: "Cross site scripting XSS" visited 100th of times
Posted: Thu Mar 13, 2014 11:03 pm
by barbaz
Yep that's it. Looks related to ads. Maybe could be malvertising of sorts...
Whether there's really XSS or any threat at all, I don't know, but I'd suggest you leave it alone and thank NoScript for potentially saving you.
You might also want to consider reporting this to the webmaster in case the site's been hacked.
Re: "Cross site scripting XSS" visited 100th of times
Posted: Sat Mar 15, 2014 8:41 pm
by Guest
barbaz wrote:Yep that's it. Looks related to ads. Maybe could be malvertising of sorts...
Whether there's really XSS or any threat at all, I don't know, but I'd suggest you leave it alone and thank NoScript for potentially saving you.
You might also want to consider reporting this to the webmaster in case the site's been hacked.
First off, I wanna apologize for not replying earlier, now that you have been this active in topic to help me out!! I really appreciate it!
But I just finished some exams, and pulled the plug on my net, not to get distracted
Think I will try to contact their support, and tell them about this - no matter what it's not gonna hurt
Now I get to a second question; I can't login now? I can see what my username is on the topic, and I'm absolutely sure what email I registered with, but it doesn't recognize my email and/or username.
Getting this message "The e-mail/username information submitted could not be found."
Think I will donate some more after this excellent and fast support!
Re: "Cross site scripting XSS" visited 100th of times
Posted: Sat Mar 15, 2014 10:34 pm
by barbaz
Thanks for the kind words, but (at least as of this writing) I'm not part of the official Support Team, or even a moderator, so I'm not able to help get your login working, sorry.
Re: "Cross site scripting XSS" visited 100th of times
Posted: Sun Mar 16, 2014 12:47 am
by Guest
Guest wrote:barbaz wrote:Yep that's it. Looks related to ads. Maybe could be malvertising of sorts...
Whether there's really XSS or any threat at all, I don't know, but I'd suggest you leave it alone and thank NoScript for potentially saving you.
You might also want to consider reporting this to the webmaster in case the site's been hacked.
First off, I wanna apologize for not replying earlier, now that you have been this active in topic to help me out!! I really appreciate it!
But I just finished some exams, and pulled the plug on my net, not to get distracted
Think I will try to contact their support, and tell them about this - no matter what it's not gonna hurt
Now I get to a second question; I can't login now? I can see what my username is on the topic, and I'm absolutely sure what email I registered with, but it doesn't recognize my email and/or username.
Getting this message "The e-mail/username information submitted could not be found."
Think I will donate some more after this excellent and fast support!
Re: "Cross site scripting XSS" visited 100th of times
Posted: Mon Mar 17, 2014 12:33 am
by Thrawn
@Guest: The username you used earlier is not linked to an account; you posted anonymously. Notice that barbaz' name and mine are hyperlinks to our profile pages, but yours is plain text. Feel free to register it if you wish.
Re: "Cross site scripting XSS" visited 100th of times
Posted: Wed Mar 19, 2014 2:26 pm
by MoFF
Ahh ok hehe
Done ^^