Code injection in HTTP User-Agent detected


Description   This signature detects suspicious HTML or JavaScript code placed inside the User-Agent header of an HTTP request. This kind of injection can be used to attack some reporting or log analyzer tools that do not sanitize the User-Agent value correctly.
     
Default configuration

Profiles      High    Medium  Low     Internet
Action        Block   Block   Block   Block
Alarm Level   Major   Major   Minor   Minor
     
References   URL: http://www.tylerkrpata.com/2009/08/xss-ing-user-agent-is-there-point.html
     
Available since   ASQ v4.1.2
     
Protects   Cacti "auth_profile.php" Cross-Site Scripting Vulnerability Fixed by 1.1.14
Cacti Multiple Cross-Site Scripting Vulnerabilities Fixed by 1.1.13
Atlassian Jira "global-translations.jsp" Cross-Site Scripting Vulnerability Fixed by 7.2.2
WordPress Third-Party Plugins Multiple Vulnerabilities
WordPress Third-Party Modules Multiple Vulnerabilities
AlienVault Unified Security Management Multiple Vulnerabilities Fixed by 5.3.2
WordPress Third-Party Modules Multiple Vulnerabilities
WordPress Third-Party Modules Multiple Vulnerabilities
MoinMoin "User-Agent" Script Insertion Vulnerability
IBM WebSphere Service Registry and Repository Cross Site Scripting
100 last CVE   CVE-2017-11691
CVE-2017-11163
CVE-2017-10970
CVE-2016-8583
CVE-2016-8582
CVE-2016-8581
CVE-2016-8580
CVE-2016-6285
CVE-2016-10112
CVE-2011-1357



 
 
 
 
Risk level   Moderate