It is a potentially suspicious web accessibility testing JavaScript code injection for avast.com/9/web/j/jquery.js (iframetabindex): http://jsunpack.jeek.org/?report=a44338ddf846b1625a9672c57c378e07505679b2
Also found in attack code like Blocked URL: q=%5B.fn%5Bc%5D.src%3Br%3Dr%2526%2526r%2Ba()%3Bq%3D%24(‘%3Ciframetabindex%3D&oq=%5B.fn%5Bc%5D.src%3Br%3Dr%2526%2526r%2Ba()%3Bq%3D%24(’%3Ciframetabindex%3D& blocked by Netcraft extension as Suspected XSS Attack
No, it does not imply that. The code used is not suspicious or malicious as such. It is just a code insecurity that has some slight potential to be abused, or the coding practices used by the external developers of that bit of code are what Quttera flags as not optimal where secure coding is concerned. They are more or less “preaching to the choir” of secure coding practitioners. And you know coders and developers are often under heavy pressure to deliver, and secure coding is not always their first priority. So nothing to be alarmed about, just a hiccup that could be coded better.
Actually it is the tiny bit
Nothing so bad about it; the only reason it is being flagged is because it is hidden code and the Quttera scanner stumbles on that accent mark and so flags it, so it could be a hidden frame color code. It is just flagged because in a strict sense it is not secure code hex…only under certain conditions could the code be insecure and be abused; here it is not.
Examples of real XSS attack code: <IMG%20SRC=‘%26%23x6a;avasc%26%23000010ript:a%26%23x6c;ert(document.%26%23x63;ookie)’>
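
Added example, not part of the original posts or of any scanner mentioned here: a sketch of why the two strings quoted in this thread differ once their layered percent- and HTML-entity encoding is undone. The rule names `iframe_markup` and `script_url` and the function names are hypothetical, and the typographic quotes in the quoted strings are replaced with ASCII quotes.

```python
import html
import re
from urllib.parse import unquote

# Constructed inputs: the two strings quoted in the thread, with the
# typographic quotes replaced by ASCII quotes.
BLOCKED_QUERY = ("%5B.fn%5Bc%5D.src%3Br%3Dr%2526%2526r%2Ba()%3Bq%3D%24("
                 "'%3Ciframetabindex%3D")
XSS_SAMPLE = ("<IMG%20SRC='%26%23x6a;avasc%26%23000010ript:"
              "a%26%23x6c;ert(document.%26%23x63;ookie)'>")

# Whitespace and control characters that can be used to split a URL scheme.
_SPLITTERS = re.compile(r"[\x00-\x20]+")
_SCRIPT_URL = re.compile(r"(?:src|href)=['\"]?javascript:", re.IGNORECASE)
_IFRAME_TAG = re.compile(r"<iframe", re.IGNORECASE)


def normalize(value, max_rounds=5):
    """Undo layered percent- and HTML-entity encoding until stable."""
    for _ in range(max_rounds):
        decoded = html.unescape(unquote(value))
        if decoded == value:
            break
        value = decoded
    return value


def findings(value):
    """Return the hypothetical rule names that match the decoded input."""
    compact = _SPLITTERS.sub("", normalize(value))
    hits = []
    if _IFRAME_TAG.search(compact):
        hits.append("iframe_markup")
    if _SCRIPT_URL.search(compact):
        hits.append("script_url")
    return hits


if __name__ == "__main__":
    for name, sample in (("blocked query", BLOCKED_QUERY),
                         ("XSS sample", XSS_SAMPLE)):
        print(name, "->", repr(normalize(sample)), findings(sample))
```

The blocked query decodes to a fragment of script source that merely contains the text `<iframe`, while the second string decodes to a `javascript:` URL in an `SRC` attribute once the embedded line feed is removed.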