Posted by David H. on Feb 04, 2013; 8:25pm
URL: https://support.nabble.com/Possible-Cross-Site-Scripting-Attack-from-Nabble-tp7582908.html

Hi,

my NoScript-Plugin has reported a Cross Site Scripting attack from my Nabble-Forum:

[NoScript XSS] Sanitised suspicious upload to [http://bob.nabble.com/Update.jtp###DATA###%3Ctitle
%3EModeration+-+test%3C%2Ftitle%3E%0D%0A%09%09%09%09%09%3Cdiv+id%3D%22notice%22+
class%3D%22notice+rounded-bottom%... and so on] 
from [http://forum.<myforum>.nabble.com/test-td1358.html]:
 transformed into a download-only GET request

Today was the first time.

Should I be worried?