Page 1 of 1
XSS on browser start-up
Posted: Tue Mar 06, 2018 9:38 am
by xting
I got an XSS warning when I opened my browser this morning. Gmail was the only open tab. The XSS went to
www.packtpub.com, a publisher of IT guides.
I had yesterday connected to this page:
https://www.packtpub.com/mapt/book/appl ... nd-binning
I noticed xss requests yesterday and blocked them without paying attention.
I have no packt tabs open today and had none at startup. So why should the requests still be made?
Re: XSS on browser start-up
Posted: Tue Mar 06, 2018 2:14 pm
by barbaz
Did you have the new tab page open?
Re: XSS on browser start-up
Posted: Wed Mar 07, 2018 11:14 am
by xting
No. There are are no tabs open to the suspect site.
The NoScrit warning has been appearing whenever I restart my browser for a few days now.
This morning it came up when I started Firefox and, again, the only open tabs were gmail, and pages on the NoScript and Information forum.
The XSS warning reads thus:
Code: Select all
"""
NoScript detected a potential Cross-Site Scripting attack
from [...] to https://www.packtpub.com.
Suspicious data:
(URL) https://www.packtpub.com/mapt/book/application_development/9781783985128/9/ch09lvl1sec79/{{metadataController.imagePath}}
"""
I did a quick search of files in my Firefox extension folder to see if any contained the text 'packtpub', but none appeared to.
Re: XSS on browser start-up
Posted: Wed Mar 07, 2018 3:31 pm
by barbaz
xting wrote:There are are no tabs open to the suspect site.
I got that. I ask about the page that comes up when you open a new tab in Firefox.