Malware script detector alerted: This site URL may contain possible malicious scripts hosted or injected!
Solutions: Close this window, Disable JavaScript
Detected Malware: XSS URL Injection Malware
Source:htxp://www.google.com/search?client=flock&channel={flock:context}&q=site.tld%2Fimsearch.php%3Fsearch%3D%22%5C%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E&ie=utf-8&oe=utf-8&aq=t
See: http://cxsecurity.com/issue/WLB-2012110183 and
[*] XSS: [*]
site.tld/imsearch.php?search="\><script>alert(1);</script>
polonus
Read this description about XSS vulnerabilities, the underestimated exploit: http://www.acunetix.com/websitesecurity/xss/ (link article author for acunetix is Jacques Guillaumier, Technical Engineer), see for the precious alert also this Netcraft extension alert:
This page has been blocked by the Netcraft Anti-Phishing Extension for the following reason:
Suspected XSS Attack
Blocked URL: https://www.google.com/search?client=flock&channel={flock:context}&q=site.tld%2Fimsearch.php%3Fsearch%3D"\><script>alert(1)%3B<%2Fscript>&ie=utf-8&oe=utf-8&aq=t
Visit anyway
These alerts can also be instructive for website owners with vulnerable website software, plug-ins etc. to be aware of such attacks in advance. This one created via exploitable php, like the exploit presented here → Incomedia WebSite X5 Evolution <= 9.0.4.1748 XSS & Auth bypass (checkaccess.php should be patched). That is why I always delve into these Malware script detector alerts…see attached jpg ( To get some idea of this exploit alert’s impact visit: http://newgtldsite.com/dot-site-tld-domain-names/ ! e.g. - Dsite tld, see the image txt)