Page on our site is being blocked - HTML:Script-inf [Susp]

Hello -

We received a report that a page on our web site is being blocked by avast. The page is htxps://webstore.maplesoft.com/payment.aspx. Note that in order to see that, someone would first need to add a product to the shopping cart (go to htxps://webstore.maplesoft.com) and go through the check-out process until you reach the page that asks for payment. This is the page that is being blocked.

Is this an incorrect flag within your system, or is there actually something on our site that needs to be corrected?

Thank you very much for any information you can provide.

Regards,
Bryon

It could probably be the obfuscated script after

<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" etc. etc.

that resulted in this being flagged.

See results from scanning URL: -https://webstore.maplesoft.com/payment.aspx
Number of sources found: 3
Number of sinks found: 191

But the status code, however, is the same throughout that page (URI).

Status codes
These should normally all be the same.

GoogleBot returned code 302 to /index.aspx?BS=1
Google Chrome returned code 302 to /index.aspx?BS=1

Moreover not being flagged here: https://www.virustotal.com/gui/url/c79a66f5cf3d9934c7785d7259c3e4a7d0fa1ed47b9d1e33a6a7e9eabb0beac8/detection

-webstore.maplesoft.com
IIS, headers - 8.5 Not vulnerable
ASP.Net, headers - 4.0.30319 Not vulnerable
Microsoft IIS, headers - 8.5 Not vulnerable
jQuery, script Not vulnerable
jQuery UI, script - 1.11.4 Not vulnerable
2017 Vulners.com vulners.com 22% tracking on website page and 44% ads.

Retirable code: Retire.js

jquery-ui-dialog 1.11.4 Found in -https://code.jquery.com/ui/1.11.4/jquery-ui.js
Vulnerability info:
High CVE-2016-7103 281 XSS Vulnerability on closeText option

jquery 1.10.2 Found in -https://code.jquery.com/jquery-1.10.2.js
Vulnerability info:
Medium 2432 3rd party CORS request may execute CVE-2015-9251
Medium CVE-2015-9251 11974 parseHTML() executes scripts in event handlers
Low CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution
Medium CVE-2020-11022 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS
Medium CVE-2020-11023 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS

Wait for a final verdict from avast team to hear whether this could be a false positive,
as they are the only ones that can come and unblock,
as we here are just volunteers with specific relevant expertise, but not avast team members.

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
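
The Retire.js findings in the reply above come down to a version check on the script URLs a page loads, which a site owner can repeat after upgrading. The sketch below is an added example, not part of the thread and not Retire.js's own code; the CVE ids are the ones listed above, while the fixed-in versions (from the public advisories), the function names and the sample markup are assumptions made for the illustration.

```javascript
// Added example. CVE ids are those in the Retire.js output above; the fixed-in
// versions are taken from the public advisories, not from the thread.
const ADVISORIES = {
  jquery: { "CVE-2015-9251": "3.0.0", "CVE-2019-11358": "3.4.0",
            "CVE-2020-11022": "3.5.0", "CVE-2020-11023": "3.5.0" },
  "jquery-ui": { "CVE-2016-7103": "1.12.0" },
};

// Compare dotted numeric versions; returns <0, 0 or >0.
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Identify library and version from /jquery-1.10.2.js or /ui/1.11.4/jquery-ui.js.
function identifyLibrary(src) {
  let m = src.match(/\/ui\/(\d+(?:\.\d+)+)\/jquery-ui(?:\.min)?\.js/);
  if (m) return { name: "jquery-ui", version: m[1] };
  m = src.match(/\/jquery-(\d+(?:\.\d+)+)(?:\.min|\.slim)*\.js/);
  if (m) return { name: "jquery", version: m[1] };
  return null;
}

// Scan page HTML for <script src> tags and list the advisories still open.
function auditScripts(html) {
  const findings = [];
  const tagRe = /<script\b[^>]*\bsrc\s*=\s*["']([^"']+)["']/gi;
  for (const [, src] of html.matchAll(tagRe)) {
    const lib = identifyLibrary(src);
    if (!lib) continue; // not a library this table knows about
    const cves = Object.entries(ADVISORIES[lib.name])
      .filter(([, fixedIn]) => compareVersions(lib.version, fixedIn) < 0)
      .map(([cve]) => cve);
    findings.push({ ...lib, src, cves });
  }
  return findings;
}

// Constructed sample markup (not copied from the site); third tag is a patched build.
const SAMPLE_HTML = `
<script src="https://code.jquery.com/jquery-1.10.2.js"></script>
<script src="https://code.jquery.com/ui/1.11.4/jquery-ui.js"></script>
<script src="https://code.jquery.com/jquery-3.5.1.min.js"></script>`;
console.log(JSON.stringify(auditScripts(SAMPLE_HTML), null, 2));
```

An empty `cves` list for a script means its version is at or above every fixed-in version in the table, which is the state to aim for on the payment page.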