Malware script detector alert on XSS vulnerability..

[polonus]

Malware script detector alerted: This site URL may contain possible malicious scripts hosted or injected!

Solutions: Close this window, Disable JavaScript

Detected Malware: XSS URL Injection Malware

Source:htxp://www.google.com/search?client=flock&channel={flock:context}&q=site.tld%2Fimsearch.php%3Fsearch%3D%22%5C%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E&ie=utf-8&oe=utf-8&aq=t

See: http://cxsecurity.com/issue/WLB-2012110183  and

Code: [Select]

[*] XSS: [*]
site.tld/imsearch.php?search="\><script>alert(1);</script>
polonus

[polonus]

Read this description about XSS vulnerabilities, the underestimated exploit: http://www.acunetix.com/websitesecurity/xss/  (link article author for acunetix is Jacques Guillaumier, Technical Engineer), see for the precious alert also this Netcraft extension alert:

This page has been blocked by the Netcraft Anti-Phishing Extension for the following reason:

Suspected XSS Attack

Blocked URL: https://www.google.com/search?client=flock&channel={flock:context}&q=site.tld%2Fimsearch.php%3Fsearch%3D%22%5C%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E&ie=utf-8&oe=utf-8&aq=t

 Visit anyway

These alerts can also be instructive for website owners with vulnerable website software, plug-ins etc. to be aware of such attacks in advance. This one created via exploitable php, like the exploit presented here -> Incomedia WebSite X5 Evolution <= 9.0.4.1748 XSS & Auth bypass (checkaccess.php should be patched). That is why I always delve into these Malware script detector alerts...see attached jpg ( To get some idea of this exploit alert's impact visit: http://newgtldsite.com/dot-site-tld-domain-names/  ! e.g. - Dsite tld, see the image txt)