Forum Discussion

Nimbostratus

Oct 09, 2009

Cross-Script Audit

Hello, I have upgraded to version 10.0 and I got audited with this cross-script vulnerability. I thought I turned off on 9.01. Do you know if I can trun off Cross-Script attacks on the...

config

design

hoolio

Cirrostratus

Oct 13, 2009

I can't see how adding a standard HTTP VIP on LTM would fix a XSS vulnerability in a web app. By default, LTM doesn't change the content of HTTP requests or responses. So unless you had an iRule or ASM enabled previously (well, not ASM as it wasn't available in 9.0/9.1) I don't think load balancing an application with LTM could have fixed the problem.

You might consider using a web application firewall like ASM to protect the application against XSS and other attacks.

Aaron

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Cross-Script Audit

F5 Academy at AppWorld 2026

Aswin MK - November 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Could not communicate with the system. Try to reload page.

CVE mitigation on F5 XC vs classic F5 WAF

F5 XC 503 upstream_reset_before_response_started{protocol_error}

UCS Encryption Question

BIG-IP VE: 40G Throughput from 4x10G physical NICs

Related Content

Cross Site Scripting (XSS) Exploit Paths

Mitigating OWASP Web Application Risk: Cross-Site Scripting (XSS) using F5 BIG-IP

Auditing Security Policy Updates

Lightboard Lessons: OWASP Top 10 - Cross Site Scripting

Audit WAF changes

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS