don01234 Posted August 7, 2014 Share Posted August 7, 2014 Hi all, It just started today, when I go to admin/index.php I get this small pop up message "The page at https://mysite says: /shubham_found_xss/". I found similar thing on web and following is address of screenshot that I found: https://cloud.githubusercontent.com/assets/81969/2735669/ef35df24-c662-11e3-8f4b-b7ed15b7705b.png Does anyone know how to get rid of this? Any help will be much appreciated. Thanks, Don Link to comment Share on other sites More sharing options...
Harald Ponce de Leon Posted August 7, 2014 Share Posted August 7, 2014 Hi Don.. A security person has scanned our websites for security vulnerabilities and discovered one on our Add-Ons site that unfortunately propagated through the RSS feed. The Administration Tool Dashboard uses this RSS feed to display the latest Add-Ons. No information of any kind was accessed - only a browser alert box was shown. We've already fixed this on our end and have cleared Google's cache of the RSS feed. If you're still experiencing this, your local cache of the RSS feed can be deleted at the following directory: includes/work/ The feeds start with a filename of rss_ There should be two which can you safely delete. (one for the latest news, and a second one for the latest add-ons) , osCommerce Link to comment Share on other sites More sharing options...
don01234 Posted August 7, 2014 Author Share Posted August 7, 2014 Thank you so much for quick reply, Harald. Deleted those files and it's working fine. I seen your pics on oscommerce sites but solving problems for little merchant like me. Wow all I can say is I'm not worthy, I'm not worthy. :D Thanks again. Link to comment Share on other sites More sharing options...
fiodh Posted August 8, 2014 Share Posted August 8, 2014 Deleting those cache files didn't work for me. I am still having the issue. I think I might prefer to just uninstall the entire RSS module area to prevent future risk. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.