Cross site scripting attempt (XSS) when logging into comodo forum

When you activate a link in an email about a “topic post” from Comodo
and log in,
there now seems to be a cross-site scripting (XSS) attempt from http://forums.comodo.com

This happens each time. First I thought I had entered the wrong password, because you get the “wrong password” window whatever you enter. And a cross-site scripting attempt is detected.

I don’t get this. Do you get this on all topics or some? Where’s the XSS to?

For some days now.
You have to press the link in the email for a new topic reply.
Then all looks normal. New tab, comodo website.
You insert your details.
“WRONG!” (No matter what you insert).
Then a new window opens in the same tab to re-enter your details. Your password is accepted in this window. But an XSS was also detected.

It’s suspicious anyway if you get a “Wrong” for a right password.

Well, I’ve just done that now (following a forum URL in my email client) to see your reply & I didn’t see any warnings about an XSS… or see any login screens (but, I do usually stay logged in during the day). But yea, “WRONG” does indeed sound wrong for a forum response. What’s the other site on the XSS warning?

Also, what’s the browser & the email client/service that you’re using? And confirm that the forum email notification is a text email (you shouldn’t get HTML emails from the forum)… right? In fact, can you post an example of the exact URL that is causing this. Thanks.

With this topic notification it is reproducible.
https://forums.comodo.com/empty-t87473.0.html;new;topicseen#new

Firefox, web email site kept open on another tab.

While another one (this) worked as expected. I don’t have many examples there.

Of course I don’t press links in emails. I copy-pasted them.

(The “WRONG!” was a “dramaturgique shortening” :wink: , my bad)

Currently, I cannot reproduce this. What’s the other site in the XSS warning?

Always when I try to log in with that URL, I get an XSS warning.

Use NoScript and Firefox. It says the scripting attempt is from http://forums.comodo.com

And you find yourself on the page that usually appears when you mistyped your account details on login.

I use Firefox and NoScript and never get this. I think the problem is with your web mail provider’s scripting, not with Comodo’s site.

The XSS is for the forums? That sounds like you’re coming from somewhere else… like the forum’s URL is nested somewhere that isn’t the forums or nothing (local). I suspect that you’re getting thrown to the login screen due to NoScript.

Have you installed any new FF addons recently? The new tab that you paste the URL that you copied from the email, is that a blank tab or is there something else on it? What happens when you click the forum URL from within the email?

Additionally, to get this issue better exposure (replication by somebody else comes to mind) I’m going to move it to the Report Comodo Forum/Web Site Issues section. I’ll leave a place-holder behind in case you have trouble finding it (which you shouldn’t).

No changes were made.
When I use the link I provided, directly out of this topic, to log in, I get the XSS detection after submitting the details. No matter if I have just this (fresh) tab open or if Firefox is freshly opened.
When I try to log in directly on this topic here, all is fine.

What web browser are you using? Chrome, Dragon, Internet Explorer?

As I wrote several times, Firefox :wink:

NoScript got an update.
The link in my post is still always generating the warning, while I can log in fine at other points in this forum.
Since the topic of the link has been active for some days, it fits my experience that for some days there has been an XSS warning while logging into the Comodo forum.
Something is wrong with that topic/place.

That’s why I asked what the topic was… a topic/post can contain user items (avatars, signature images, embedded stuff, etc…) that have off-forum connections & trigger such things. But the URL example you supplied was clean of these issues & NoScript wasn’t apparently reporting any other sites than the forums itself.

Did you have another topic in mind… or have I misunderstood you?
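One way to check the point made above, that a topic page may pull in avatars, signature images or embeds from off-forum hosts, is to list every resource URL on the page whose host is not the forum itself. The script below is an added example, not code from this thread or from the forum software; the HTML snippet in it is constructed for illustration, and `forums.comodo.com` is used only as the expected on-site host.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample of a topic page (not a real capture): one on-site avatar,
# one off-site signature image, one protocol-relative off-site script, and
# a relative iframe that stays on-site.
SAMPLE_PAGE = """
<html><body>
<img src="https://forums.comodo.com/avatars/user1.png">
<div class="signature"><img src="http://cdn.example.org/sig.gif"></div>
<script src="//tracker.example.net/t.js"></script>
<a href="https://forums.comodo.com/empty-t87473.0.html;new;topicseen#new">topic</a>
<iframe src="/embed/local"></iframe>
</body></html>
"""

# Tag/attribute pairs that make the browser fetch a resource automatically
# (plain <a href> links are deliberately excluded: they need a click).
RESOURCE_ATTRS = {
    "img": "src", "script": "src", "iframe": "src",
    "embed": "src", "object": "data", "link": "href",
}


class ResourceCollector(HTMLParser):
    """Collects (tag, url) pairs for auto-loaded resources."""

    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        attr = RESOURCE_ATTRS.get(tag)
        if attr is None:
            return
        for name, value in attrs:
            if name == attr and value:
                self.refs.append((tag, value))


def off_site_resources(html, site_host):
    """Return (tag, url) pairs whose host differs from site_host.

    Relative URLs (no host) are treated as on-site; protocol-relative URLs
    such as //host/path resolve to that host and are reported.
    """
    collector = ResourceCollector()
    collector.feed(html)
    found = []
    for tag, url in collector.refs:
        host = urlparse(url).hostname
        if host and host.lower() != site_host.lower():
            found.append((tag, url))
    return found


def off_site_hosts(html, site_host):
    """Sorted list of distinct off-site hosts referenced by the page."""
    return sorted({urlparse(u).hostname.lower()
                   for _, u in off_site_resources(html, site_host)})


if __name__ == "__main__":
    for tag, url in off_site_resources(SAMPLE_PAGE, "forums.comodo.com"):
        print(f"{tag:<7} {url}")
```

Run it against a saved copy of the suspect topic page (view-source, save as a file, pass its contents instead of `SAMPLE_PAGE`); an empty result means the page itself loads nothing off-forum, which points the investigation at the browser, add-ons, or the referring tab rather than at the post.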

No other topic in mind.
https://forums.comodo.com/empty-t87473.0.html;new;topicseen#new

This is the only example that I have. On my side it is reproducible by any possible “access method”.

I will keep my eyes open if it happens somewhere else.
But this example is strange enough on its own.

I changed my passwords for “the other tab” that was open when I first got this warning.
I did not change my Comodo password. So, just in case, if “I” act surprisingly, like suddenly posting links to “awesome new products”, time out my account and have a laugh :smiley: