[SOLVED] XSS at wizard.com login

Bug reports and enhancement requests
Post Reply
User avatar
Lucas Malor
Senior Member
Posts: 71
Joined: Tue Nov 09, 2010 2:01 pm
Contact:
Contact Lucas Malor

[SOLVED] XSS at wizard.com login

Post by Lucas Malor »

Code: Select all

[NoScript XSS] Sanitized suspicious upload to [https://accounts.wizards.com/remotel.aspx] from [http://community.wizards.com/go/network/login]: transformed into a download-only GET request.
Last edited by Lucas Malor on Mon Jun 04, 2012 5:25 pm, edited 1 time in total.
Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:12.0) Gecko/20100101 Firefox/12.0
Top
User avatar
Giorgio Maone
Site Admin
Posts: 9527
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy
Contact:
Contact Giorgio Maone

Re: XSS at wizard.com login

Post by Giorgio Maone »

You probably just need to allow "accounts.wizard.com", or the whole "wizard.com".
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0
Top
User avatar
Lucas Malor
Senior Member
Posts: 71
Joined: Tue Nov 09, 2010 2:01 pm
Contact:
Contact Lucas Malor

Re: XSS at wizard.com login

Post by Lucas Malor »

I removed the XSS exception and there's no more the error... oh well.
Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:12.0) Gecko/20100101 Firefox/12.0
Top
User avatar
therube
Ambassador
Posts: 7971
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: [SOLVED] XSS at wizard.com login

Post by therube »

(I thought that was going to be the Washington Wizards aka the Baltimore Bullets. And you thought Chicago was a dangerous town.)
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 5.1; rv:14.0) Gecko/20120604 Firefox/14.0a2 SeaMonkey/2.11a2
Top
Post Reply

Return to “NoScript Development”