XSS script tag end (Parameter) (2) 200001475 , False positive

Mohammed00 · ‎14-Dec-2021

Greeting you All,

I would ask for the rule ID: 200001475, generating a lot of noise, is it accurate about it, or am missing something,

example of triggered Request Url : /index.php/jec/$$$call$$$/plugins/generic/custom-block-manager/controllers/grid/custom-block-grid/update-custom-block?existingBlockName=map , so the detection based on what , and what the suggestion to fine-tune it

thank you in advance

Daniel_Wolf · ‎14-Dec-2021

Hi ,

the name of the Attack Signature says it pretty much. In one of the parameters, the WAF has detected an XSS script tag.

XXS or cross site scripting is an attack, where an attacker would supply a malicious link via a hyperlink. A user would then click on the link and the attacker would try to steal information from the user.

If you think this violation is a false positive you could disable this signature for the parameter in question.

KR

Daniel

Mohammed00 · ‎14-Dec-2021

thank you for answering,

i know what XSS is but I see no XSS tags in the URL how so the WAF says its XSS

Daniel_Wolf · ‎14-Dec-2021

Good, I am not always sure, so I thought a short explanation of XXS will do no harm.

Is that the complete URL? Usually in the logs it is highlighted in red where the violation was seen. For example:

Mohammed00 · ‎15-Dec-2021

thank you for replying again ,

yes, its the complete URL,

Daniel_Wolf · ‎15-Dec-2021

When I expand the dropdown next to Attack signature detected, I can see where the pattern was matched.

Yuv_saha · ‎14-Dec-2021

Thanks for the awesome information.

Yuv_saha · ‎15-Mar-2022

thanks my issue has been fixed.

https://breakfasthoursofficial.com/whataburger-breakfast
https://breakfasthoursofficial.com/chick-fil-a-breakfast-hours
https://breakfasthoursofficial.com/panera-breakfast-hours

DevCentral

XSS script tag end (Parameter) (2) 200001475 , False positive