Page 1 of 1
alert no script
Posted: Tue Apr 07, 2009 5:53 pm
by g113
good evening,
i'm french please excuse my english, but i have a problem with my web page, i have this alert and i don't now what doing !
thanks
Re: alert no script
Posted: Tue Apr 07, 2009 6:13 pm
by therube
Check Error Console & see if it provides further information on the (potential) XSS & post the information here.
Link: Netvibes
Re: alert no script
Posted: Tue Apr 07, 2009 8:52 pm
by g113
I suppose you mind that, it's the message in my console
[NoScript XSS] Nettoyé requête suspicieuse. URL originale [
http://1292528297.nvmodules.netvibes.co ... C%2Fdiv%3E] demandée depuis [
http://www.netvibes.com/#General]. URL nettoyée : [
http://1292528297.nvmodules.netvibes.co ... 5196866220].
Re: alert no script
Posted: Wed Apr 08, 2009 7:43 pm
by g113
up !
Re: alert no script
Posted: Wed Apr 08, 2009 9:07 pm
by Giorgio Maone
NoScript is correct.
That page is actually vulnerable to XSS: try to open
this url on a browser without NoScript.
IE8 will detect the XSS. Other browsers (including Firefox without NoScript) will show a XSS popup I'm injecting on the target page.
I strongly advidse to disable the Good Planet widget.
Re: alert no script
Posted: Thu Apr 09, 2009 3:12 pm
by g113
thanks, but i can't disable this widget
Re: alert no script
Posted: Thu Apr 09, 2009 3:31 pm
by Giorgio Maone
g113 wrote:thanks, but i can't disable this widget
Then the less risky thing you can do then is granting the netvibes.com main page a free pass for sending XSS like request, by adding the following line in
NoScript Options|Advanced|XSS|Exceptions:
Re: alert no script
Posted: Thu Apr 09, 2009 6:21 pm
by g113
thank you very much
it works
