shubham_found_xss

[don01234]

Hi all,

 

It just started today, when I go to admin/index.php I get this small pop up message "The page at https://mysite says:  /shubham_found_xss/".

 

I found similar thing on web and following is address of screenshot that I found:

 

 https://cloud.githubusercontent.com/assets/81969/2735669/ef35df24-c662-11e3-8f4b-b7ed15b7705b.png

 

Does anyone know how to get rid of this?  Any help will be much appreciated.

 

Thanks,

 

Don

[Harald Ponce de Leon]

Hi Don..

 

A security person has scanned our websites for security vulnerabilities and discovered one on our Add-Ons site that unfortunately propagated through the RSS feed. The Administration Tool Dashboard uses this RSS feed to display the latest Add-Ons. No information of any kind was accessed - only a browser alert box was shown.

 

We've already fixed this on our end and have cleared Google's cache of the RSS feed. If you're still experiencing this, your local cache of the RSS feed can be deleted at the following directory:

 

includes/work/

 

The feeds start with a filename of rss_

 

There should be two which can you safely delete. (one for the latest news, and a second one for the latest add-ons)

[don01234]

Thank you so much for quick reply, Harald.  

 

Deleted those files and it's working fine.

 

I seen your pics on oscommerce sites but solving problems for little merchant like me. 

Wow all I can say is I'm not worthy, I'm not worthy.   :D

 

Thanks again.

[fiodh]

Deleting those cache files didn't work for me. I am still having the issue. I think I might prefer to just uninstall the entire RSS module area to prevent future risk.