Possible Cross-Site-Scripting-Attack from Nabble


Possible Cross-Site-Scripting-Attack from Nabble

David H.
Hi,

my NoScript plugin has reported a cross-site scripting attack from my Nabble forum:

[NoScript XSS] Sanitised suspicious upload to [http://bob.nabble.com/Update.jtp###DATA###%3Ctitle
%3EModeration+-+test%3C%2Ftitle%3E%0D%0A%09%09%09%09%09%3Cdiv+id%3D%22notice%22+
class%3D%22notice+rounded-bottom%... and so on] 
from [http://forum.<myforum>.nabble.com/test-td1358.html]:
 transformed into a download-only GET request

Today was the first time.

Should I be worried?

Re: Possible Cross-Site-Scripting-Attack from Nabble

David H.
With some more time, let me try again.

My browser (Firefox 18.0.1 with Ghostery, HTTPS Everywhere, NoScript, Adblock Plus) let me know that there is a possible XSS attack from the Nabble forum. It seems to be related to the Nabble ad banner on the thread pages. This has been happening since yesterday.

XSS, 2nd

I have an error report that I would send to someone from Nabble.

My forum is closed for now. It would be great if someone could look at it.

Thanks in advance.

(I'm using google translations... Sorry for that.)

Re: Possible Cross-Site-Scripting-Attack from Nabble

Pedro
Please give me your forum's address.
It should not block our ads, because it is a Google AdSense frame, not a pop-up.
My test forum.

Re: Possible Cross-Site-Scripting-Attack from Nabble

David H.
@Pedro: You have mail.

Re: Possible Cross-Site-Scripting-Attack from Nabble

Hugo <Nabble>
Hi David, please don't worry, this is not an attack. Nabble has a Bayesian algorithm that evaluates a page and determines if it is safe or not to show ads. This is needed because most ad networks have a strict policy and we must follow it or die. Yesterday we moved the Bayes code to another server and each page must now communicate with it. I was not aware that this communication would trigger the XSS attack notice you mentioned, so we will fix that immediately. Thanks for reporting this issue.

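A small triage helper for notices of the kind David quoted, added here as an example; it is not part of the thread and not Nabble's or NoScript's code. It parses the notice, URL-decodes the uploaded data, and reports whether the request crossed origins and whether the payload is page markup; the notice text and the forum host name are constructed samples (the payload fragment is shortened).

```python
"""Triage a '[NoScript XSS] Sanitised suspicious upload' notice."""
import re
from html.parser import HTMLParser
from urllib.parse import unquote_plus, urlsplit

# Constructed sample modelled on the notice quoted in the thread; the forum
# host name is a placeholder and the uploaded data is cut short.
SAMPLE_NOTICE = (
    "[NoScript XSS] Sanitised suspicious upload to "
    "[http://bob.nabble.com/Update.jtp###DATA###%3Ctitle%3EModeration+-+test"
    "%3C%2Ftitle%3E%0D%0A%09%09%09%09%09%3Cdiv+id%3D%22notice%22+class%3D%22notice%22%3E] "
    "from [http://forum.exampleforum.nabble.com/test-td1358.html]: "
    "transformed into a download-only GET request"
)

NOTICE_RE = re.compile(
    r"\[NoScript XSS\] (?P<verdict>.+?) to \[(?P<target>[^\]]+)\] "
    r"from \[(?P<source>[^\]]+)\]:\s*(?P<action>.+)$"
)


class _TagCollector(HTMLParser):
    """Collects the start tags found in the decoded upload."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def html_tags(text):
    parser = _TagCollector()
    parser.feed(text)
    return parser.tags


def registrable_domain(host):
    # Crude eTLD+1: the last two labels, enough for *.nabble.com hosts.
    return ".".join(host.lower().split(".")[-2:])


def triage_notice(notice):
    """Return the facts a defender wants before deciding if this is an attack."""
    m = NOTICE_RE.search(notice)
    if not m:
        raise ValueError("not a NoScript XSS notice")
    target_url, _, raw_payload = m["target"].partition("###DATA###")
    src_host = urlsplit(m["source"]).hostname
    dst_host = urlsplit(target_url).hostname
    tags = html_tags(unquote_plus(raw_payload))  # decode the uploaded body
    return {
        "source_host": src_host,
        "target_host": dst_host,
        "cross_origin": src_host != dst_host,   # NoScript compares full hosts
        "same_registrable_domain": registrable_domain(src_host) == registrable_domain(dst_host),
        "payload_tags": tags,                    # markup in the body is what trips the filter
        "request_neutralised": "GET" in m["action"],
    }
```

On the sample this reports a cross-origin upload of the page's own `<title>` and notice `<div>` to another nabble.com host, which is exactly the classifier round-trip Hugo describes rather than injected script; the NoScript action shows the body was already stripped.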
Re: Possible Cross-Site-Scripting-Attack from Nabble

David H.
Hi Hugo (& Pedro),

thank you for your quick response and for your help! Then I will open my forum again.

Re: Possible Cross-Site-Scripting-Attack from Nabble

Hugo <Nabble>
Hi David, I just want to let you know that we have changed how our Bayesian algorithm communicates with our servers. Please let us know if you still see any issues with NoScript or any other Firefox add-on. Thanks for your feedback!

Re: Possible Cross-Site-Scripting-Attack from Nabble

David H.
Looks fine to me, thank you again!