Cycle 1.0 Security Flaw?

Cycle 1.0 Security Flaw?


I was wondering if anyone knew of a security flaw with malsup's Cycle 1.0 that might allow someone to inject JS into the .js file.

A site that I created a couple years ago suddenly had people redirected to another site when the user clicked on a search result for their site in Bing. After doing some investigating, I found some JS code that redirected the user if they came from certain search engines.

I'm trying to figure out how this could have happened, I've used Cycle quite a few times over the years and never seen this happen so I'm not accusing of anything here, just searching for an answer as to how this could have happened and possibly prevent it in the future.

Thanks in advance.