
XSS on (Open source Web design) used by spammers

(Open Source design) is a popular web site used for sharing templates and web designs. They have a strong and active community, and we have actually used it in the past when looking for templates.

However, lately we started to notice a lot of spammers using the site to host their content. Instead of having links to a Viagra or a Cialis web site, they were linking directly to random oswd profiles. For example: or or

*There are hundreds of profiles within the 526-528 range being used for that. If you search on Twitter for “user profile” “oswd” you will find a bunch as well.

As we dug deeper, we found the reason: every designer can specify their site and a link to their portfolio. However, the input form has an XSS flaw that allowed the attackers to specify iframes within the link:

So, instead of adding the link, the attackers used followed the iframe. Any user that visited these pages would load the spam (or malware) automatically from there.
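The flaw described above is a link field that reaches the page without validation or output escaping. As an added example (not code from the original post or from the site), the Python sketch below shows a vulnerable renderer beside a hardened one, plus an audit pass over stored links; the function names, profile ids and sample URLs are all constructed for illustration.

```python
from html import escape
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
FORBIDDEN = set("<>\"'`\\")  # characters with no place in a portfolio link

def render_link_unsafe(url):
    """Before: the field is concatenated into the attribute unchanged."""
    return '<a href="' + url + '">Portfolio</a>'

def validate_portfolio_url(url):
    """Return the URL if it is a plain absolute http(s) link, else raise ValueError."""
    url = url.strip()
    if any(c in FORBIDDEN or c.isspace() or ord(c) < 0x20 for c in url):
        raise ValueError("markup, quotes or whitespace in URL")
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.hostname:
        raise ValueError("only absolute http(s) URLs are accepted")
    return url

def render_link_safe(url):
    """After: validate on input, then HTML-escape on output."""
    clean = validate_portfolio_url(url)
    return '<a href="%s" rel="nofollow noopener">Portfolio</a>' % escape(clean, quote=True)

def audit_stored_links(rows):
    """Return ids of stored profiles whose link would be rejected today."""
    bad = []
    for profile_id, link in rows:
        try:
            validate_portfolio_url(link)
        except ValueError:
            bad.append(profile_id)
    return bad

# Constructed sample data (not taken from the site).
GOOD = "https://designer.example/portfolio?id=7&lang=en"
INJECTED = '"><iframe src="https://spam.example/"></iframe>'
ROWS = [(1, GOOD), (2, INJECTED), (3, "javascript:void(0)")]

if __name__ == "__main__":
    print(render_link_unsafe(INJECTED))  # iframe lands in the page as markup
    print(render_link_safe(GOOD))
    print("profiles to review:", audit_stored_links(ROWS))
```

Validation at input time stops new abuse; the audit function is what finds profiles that were stored before the check existed.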

We already contacted and hopefully they will fix it soon and remove the spammers.

If your site is hacked (or with malware) and you need help, send us an email at or visit our site: We can get your sites cleaned up right away.

Also, consider checking out our site security monitoring. We will monitor your sites 24×7 and alert you if it ever gets infected with malware, hacked or blacklisted.

  • If you ask the right questions, you could get some great feedback that will help you improve your site and hopefully improve your business as well.

  • How could this be possible and I wonder how can they be able to hack this.