Advertisement:

Author Topic: blocked because of Cross-site Scripting  (Read 1475 times)

o0void0o

  • Newbie
  • *
  • Posts: 1
blocked because of Cross-site Scripting
« on: May 09, 2011, 12:01:23 pm »
Hey there guys

I have the weird problem.I installed osclass 2.0.3.All was well and  i could see  the adds perfectly..Now here comes the issue. When I logged into the admin back end /oc-admin and start changing stuff my hosting company blocked my ip. I phoned a few times already to unblock it and the behavior is still the same.As soon as i start changing back end settings i get blocked.

They tell me that they detected a Cross-site Scripting attack...

Not sure what todo..Any help would be very much appreciated.

Thanks a mil guys.

_CONEJO

  • Administrator
  • Hero Member
  • *****
  • Posts: 4689
Re: blocked because of Cross-site Scripting
« Reply #1 on: May 10, 2011, 11:25:41 am »
Hi o0void0o,


The only thing I could came up is that the oc-admin panel load "news" and check for updates against osclass.org server (and well, if you put your Google Maps API KEY or your Akismet KEY or reCaptcha KEY, when an item is published it will connect to their servers). Could you ask your hosting company to give you some more information?

I'm pretty sure OSClass doesn't do anything strange nor cross-site scripting (it had appeared on the github commits which are reviewed), so If they could tell you what is exactly happening we could help you, and probably fix (if any) the issue.

Thanks