Forum Discussion

Nimbostratus

Oct 09, 2009

Cross-Script Audit

Hello, I have upgraded to version 10.0 and I got audited with this cross-script vulnerability. I thought I turned off on 9.01. Do you know if I can trun off Cross-Script attacks on the...

config

design

Gustavo_Lazarte

Nimbostratus

Oct 13, 2009

We got flagged because a Firefox XSS error.

If the user types in firefox:

http://www.oursite.com/eShop/stores/InnisbrookA/rgs/Info/Info_Fundraising.cfm?">

in the source of that page they will get the script value:

name="form1" id="form1" action="/eShop/stores/oursiteA/rgs/Info/Info_Fundraising.cfm?%22%3E%3Cscript%3Ealert(123)%3C/script%3E" method="post" onsubmit="return _CF_checkform1(this)">

We see xss windows signatures but nothing for Firefox,

any ideas, thanks

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Cross-Script Audit

F5 Academy at AppWorld 2026

Aswin MK - November 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

CVE mitigation on F5 XC vs classic F5 WAF

Could not communicate with the system. Try to reload page.

F5 XC 503 upstream_reset_before_response_started{protocol_error}

UCS Encryption Question

BIG-IP VE: 40G Throughput from 4x10G physical NICs

Related Content

Cross Site Scripting (XSS) Exploit Paths

Mitigating OWASP Web Application Risk: Cross-Site Scripting (XSS) using F5 BIG-IP

Auditing Security Policy Updates

Lightboard Lessons: OWASP Top 10 - Cross Site Scripting

Audit WAF changes

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS