Forum Discussion

MattAlex1's avatar
MattAlex1
Icon for Altocumulus rankAltocumulus
Nov 08, 2024

HTML Code injection Not detected by ASM

There was PT conducted on our application and was reported to be HTML injection vulnerable. URL used for evidence of exploitation is: https://abc.com/SimpleSamples812/ChatWidget/ChatPanel.aspx?Back...
application delivery
security
Amine_Kadimi's avatar
Amine_Kadimi
Icon for MVP rankMVP
Nov 08, 2024

I can confirm this is blocked by F5. %00 generates a http compliance failed (null in request) violation. Meta characters also generate an illegal metacharacter in value violation. Check your policy settings and enforcement.