Website vulnerable, probably via Joomla software.
wXw.nodus.no/media/system/js/caption.js benign
[nothing detected] (script) wXw.nodus.no/media/system/js/caption.js
status: (referer=wXw.nodus.no/)saved 729 bytes 42c45161c94773d3d73d8b0c55ac7ddae5137502
info: [decodingLevel=0] found JavaScript
suspicious: see Sucuri scan triggered rule clickjack issue that came in a plug-in
=== Triggered rule ===
alert(url_content:"%3C"; url_content:"%2F"; url_content:"%3E"; msg:"Suspicious looking GET request containing %3C, %3E, and %2F. Suspiciously HTML-like."; reference:url,http://ha.ckers.org/xss.html; reference:url,http://en.wikipedia.org/wiki/Cross-site_scripting;)
=== Request URL ===
http://www.google.com/search?client=flock&channel={flock:context}&q=t%3D''%3B}}x[l-a]%3Dz%3B}document.write('<'%2Bx[0]%2B'+'%2Bx[4]%2B'>.'%2Bx[2]%2B'{'%2Bx[1]%2B'}<%2F'%2Bx[0]%2B'>')%3B}dnnViewState()%3B&ie=utf-8&oe=utf-8&aq=t
polonus