Live Helper Chat support forum.. Forum is locked. New place for questions - Github Discussions
You are not logged in.
- Topics: Active | Unanswered
Announcement
#1 2015-08-13 06:04:35
- zaid.ilink
- Member
- Registered: 2015-02-20
- Posts: 11
NoScript for Firefox consider LHC chat call as XSS attack
Hello,
Below is the output logged in console by plugin. Due to this affected users considering our application as vulnerable. Any help will be apprciated.
[NoScript InjectionChecker] JavaScript Injection in ///lhc_web/index.php/chat/chatwidget/(leaveamessage)/true/(theme)/1/(vid)/7g60b6038fyykbpo14?URLReferer=%2F%2F[SITE_URL]%2F%23%2Fhome&prefill[username]=SampleUser(016720143420178)&prefillemail=sample.user%40sampledomain.com&prefill[phone]=(456)789-4566&dt=ProductName%20â??%20Tax%20Software%20for%20your%20Tax%20Office
(function anonymous() {
lhc_web/index.php/chat/chatwidget/(leaveamessage)/true/(theme) / COMMENT_TERMINATOR /
DUMMY_EXPR
})
[NoScript XSS] Sanitized suspicious request. Original URL [https://[CHAT_DOMAIN]/lhc_web/index.php/chat/chatwidget/(leaveamessage)/true/(theme)/1/(vid)/7g60b6038fyykbpo14?URLReferer=%2F%2F[SITE_URL]%2F%23%2Fhome&prefill[username]=Sample%20User%20(016720143420178)&prefillemail=sample.user%40sampledomain.com&prefill[phone]=(4ProductName%20%E2%80%93%20Tax%20Software%20for%20your%20Tax%20Office] requested from [https://[SITE_URL]/]. Sanitized URL: [https://[CHAT_DOMAIN]/#6250017314905367851].
Last edited by zaid.ilink (2016-01-04 05:07:14)
Offline
#2 2015-08-13 06:31:58
- remdex
- Administrator
- From: Lithuania
- Registered: 2012-09-23
- Posts: 3,661
- Website
Re: NoScript for Firefox consider LHC chat call as XSS attack
Sorry, but I don't know how could I help you.
Offline