Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

hoangnv's avatar
hoangnv
Icon for Nimbostratus rankNimbostratus
1 year ago

ASM don't block attack XSS

hi all, I enabled all the XSS signatures and all signatures are state no staging. why the asm don't block this : <script>alert("attack")</script> It match to some Attack Signature ID : 200101609 ,...
ASM WAF
devops
event
security
zamroni777's avatar
zamroni777
Icon for MVP rankMVP
1 year ago

did that <script>..... come in server response or client request?

asm wont block it if it comes from server response.

hoangnv's avatar
hoangnv
Icon for Nimbostratus rankNimbostratus
1 year ago

It's client request, and asm has score 4 for event log this.

Recent Discussions