Cross Site Scripting

Hi,


I use Bitdefender Internet Security 2014 and I've only recently installed it so I'm still finding my way round it. Today I have been surfing the internet using IE10 when a message came up at the bottom of the screen saying it had modified the page to prevent cross site scripting.


I am confused as this has never happened before. Reading up on it, it seems to be something to do with malicious links, and yet I was only on YouTube and never click any links on there.


So my questions are why didn't Bitdefender do anything if something on the page was malicious and what is cross site scripting in an easy explanation?


Thanks.


P.S. I had to do a complete system restore the other day due to driver issues - would it have something to do with this?

Comments

  • Hi,


    I use Bitdefender Internet Security 2014 and I've only recently installed it so I'm still finding my way round it. Today I have been surfing the internet using IE10 when a message came up at the bottom of the screen saying it had modified the page to prevent cross site scripting.


    I am confused as this has never happened before. Reading up on it, it seems to be something to do with malicious links, and yet I was only on YouTube and never click any links on there.


    So my questions are why didn't Bitdefender do anything if something on the page was malicious and what is cross site scripting in an easy explanation?


    Thanks.


    P.S. I had to do a complete system restore the other day due to driver issues - would it have something to do with this?


    IE10 comes with a Cross-site scripting (XSS) filter.


    From the issue description, I understand that you get ****** errors in Internet Explorer 10.


    Cross site scripting (also known as XSS) occurs when a web application gathers malicious data from a user. The data is usually gathered in the form of a hyperlink which contains malicious content within it. The user will most likely click on this link from another website, instant message, or simply just reading a web board or email message. Usually the attacker will encode the malicious portion of the link to the site in HEX (or other encoding methods) so the request is less suspicious looking to the user when clicked on. After the data is collected by the web application, it creates an output page for the user containing the malicious data that was originally sent to it, but in a manner to make it appear as valid content from the website.


    You can disable XSS filter to stop ****** errors. But if that does not work, then you can try out the rest of the methods.


    See link above for more.



    I also found this about previous versions of Bitdefender Internet Security being vulnerable to cross site scripting. It is from over four years ago. Maybe the issue was never escalated via the Forum and remains unfixed? :D



    Vulnerability description


    BitDefender Internet Security is vulnerable to cross-site scripting, caused by improper validation of user-supplied input when scanning a file. A remote attacker could exploit this vulnerability to inject malicious ****** into a filename which would be executed once the file is scanned. An attacker could use this vulnerability to launch a cross-site scripting attack on the system.
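A simplified model of what the reply above describes, as an added example that is not part of any post in this thread and is not Internet Explorer's or Bitdefender's code: a page that reflects a percent-encoded request value, the same page with output encoding, and a toy reflection filter that rewrites the response when a script-like request value appears in it verbatim. All function names and the sample query string are constructed for illustration.

```javascript
// Added illustration; every name below is hypothetical, not a browser or vendor API.

// HTML-encode the characters that let text break out into markup.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return text.replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable: the decoded query value is echoed into the page unchanged.
function renderSearchPageUnsafe(rawQuery) {
  return `<p>Results for: ${decodeURIComponent(rawQuery)}</p>`;
}

// Hardened: same page, but the value is encoded on output.
function renderSearchPageSafe(rawQuery) {
  return `<p>Results for: ${escapeHtml(decodeURIComponent(rawQuery))}</p>`;
}

// Script-like markup the toy filter looks for in the request value.
const SCRIPT_LIKE = /<script\b|\bon\w+\s*=|javascript:/i;

// Toy reflection filter: if the decoded request value looks like script and
// shows up verbatim in the response, encode that fragment and report that
// the page was modified. Anything else passes through untouched.
function reflectionFilter(rawQuery, responseHtml) {
  let decoded;
  try {
    decoded = decodeURIComponent(rawQuery);
  } catch {
    return { html: responseHtml, modified: false }; // malformed encoding: leave page alone
  }
  if (!SCRIPT_LIKE.test(decoded) || !responseHtml.includes(decoded)) {
    return { html: responseHtml, modified: false };
  }
  return { html: responseHtml.split(decoded).join(escapeHtml(decoded)), modified: true };
}

// Constructed sample: a percent-encoded value, as it would appear inside a link.
const SAMPLE_QUERY = "%3Cscript%3Ealert(1)%3C%2Fscript%3E";
const reflectedPage = renderSearchPageUnsafe(SAMPLE_QUERY);
console.log(reflectionFilter(SAMPLE_QUERY, reflectedPage));
console.log(reflectionFilter(SAMPLE_QUERY, renderSearchPageSafe(SAMPLE_QUERY)));
```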

  • Hi,


    I use Bitdefender Internet Security 2014 and I've only recently installed it so I'm still finding my way round it. Today I have been surfing the internet using IE10 when a message came up at the bottom of the screen saying it had modified the page to prevent cross site scripting.


    I am confused as this has never happened before. Reading up on it, it seems to be something to do with malicious links, and yet I was only on YouTube and never click any links on there.


    So my questions are why didn't Bitdefender do anything if something on the page was malicious and what is cross site scripting in an easy explanation?


    Thanks.


    P.S. I had to do a complete system restore the other day due to driver issues - would it have something to do with this?

  • @shot-bowl - nice quote but did you actually want to ask anything or need help?

  • Hi,


    I use Bitdefender Internet Security 2014 and I've only recently installed it so I'm still finding my way round it. Today I have been surfing the internet using IE10 when a message came up at the bottom of the screen saying it had modified the page to prevent cross site scripting.


    I am confused as this has never happened before. Reading up on it, it seems to be something to do with malicious links, and yet I was only on YouTube and never click any links on there.


    So my questions are why didn't Bitdefender do anything if something on the page was malicious and what is cross site scripting in an easy explanation?


    Thanks.


    P.S. I had to do a complete system restore the other day due to driver issues - would it have something to do with this?


    How serious a threat is this?


    What do Bitdefender say about it?

  • @shot-bowl - nice quote but did you actually want to ask anything or need help?


    Thank you for asking Antikythera


    I could not get my reply to work - but eventually replied successfully.


    Thanks for asking again.