I noticed something in our weekly Event Viewer check on our web server.
There is an event viewer warning for an attempt to go to:
hxxp://www.ourwebsitename.com/products/ b]):f===v?c.css(e,d):this.css(d,typeof f===
I wonder if the part in bold is an attempted Cross-Site Scripting attempt. Has anyone else run across it?
The part up to and including products/ IS part of the site. Just the b] forward is the bad part.
- I see that it's the last part of jquery-1.4.min.js
To check, I downloaded jquery-1.4.min.js from jquery.com and compared that last line. It's ALMOST the same.
In NopCommerce"
b]):f===w?c.css(e,d):this.css(d,typeof f==="string"?f:f+"px")}});z.jQuery=z.$=c})(window);
From jquery.com:
b]):f===v?c.css(e,d):this.css(d,typeof f==="string"?f:f+"px")}});z.jQuery=z.$=c})(window);
That's the only difference I could find. Not sure why it would be showing up - someone tryint to specifically call it?
thanks
David