XSS script tag end (Parameter) (2) 200001475 , False positive

Question

Greeting you All,

I would ask for the rule ID: 200001475, generating a lot of noise, is it accurate about it, or am missing something,

example of triggered Request Url : /index.php/jec/$$$call$$$/plugins/generic/custom-block-manager/controllers/grid/custom-block-grid/update-custom-block?existingBlockName=map , so the detection based on what , and what the suggestion to fine-tune it

thank you in advance

daniel_wolf · Answer

Hi ,&nbsp;the name of the Attack Signature says it pretty much. In one of the parameters, the WAF has detected an XSS script tag.&nbsp;XXS or cross site scripting is an attack, where an attacker would supply a malicious link via a hyperlink. A user would then click on the link and the attacker would try to steal information from the user.&nbsp; If you think this violation is a false positive you could disable this signature for the parameter in question.&nbsp;KRDaniel&nbsp;

yuv_saha · Answer

Thanks for the awesome information.

mohammed00 · Answer

thank you for answering, i know what XSS is  but I see no XSS tags in the URL how so the WAF says its XSS

daniel_wolf · Answer

Good, I am not always sure, so I thought a short explanation of XXS will do no harm.

Is that the complete URL? Usually in the logs it is highlighted in red where the violation was seen. For example:

mohammed00 · Answer

thank you for replying again , yes, its the complete URL,

Forum Discussion

XSS script tag end (Parameter) (2) 200001475 , False positive

7 Replies

Recent Discussions

import live updates from version x to version y

Tenant image upgrade

iRule editor partition button does not work

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

F5 Distributed Cloud WAF AI/ML Model to Suppress False Positives

Handle False Positive for files upload

CMS causing False Positives

Separating False Positives from Legitimate Violations

Brute Force protection for single parameter like OTP