XSS - Prevention : suspicious tag or javascript found in header


Description   Tags or JavaScript that allow active code to execute should not be permitted in headers. Cross-site scripting (XSS) attacks may cause a user's browser to execute code.
This code, which is included in the targeted web page and executed on the user's computer, can be used to steal session cookies and can also let a malicious user authenticate while passing as a legitimate user on a vulnerable site.
     
Default configuration

Profiles      High    Medium   Low     Internet
Action        Block   Block    Pass    Block
Alarm Level   Major   Minor    Minor   Major
     
References  
     
Available since   ASQ v5.0.0
     
Protects   Cacti "auth_profile.php" Cross-Site Scripting Vulnerability Fixed by 1.1.14
Cacti Multiple Cross-Site Scripting Vulnerabilities Fixed by 1.1.13
Atlassian Jira "global-translations.jsp" Cross-Site Scripting Vulnerability Fixed by 7.2.2
WordPress Third-Party Plugins Multiple Vulnerabilities
WordPress Third-Party Modules Multiple Vulnerabilities
AlienVault Unified Security Management Multiple Vulnerabilities Fixed by 5.3.2
WordPress Third-Party Modules Multiple Vulnerabilities
WordPress Third-Party Modules Multiple Vulnerabilities
100 last CVE   CVE-2017-11691
CVE-2017-11163
CVE-2017-10970
CVE-2016-8583
CVE-2016-8582
CVE-2016-8581
CVE-2016-8580
CVE-2016-6285
CVE-2016-10112

Risk level   High