XSS - Prevention : suspicious 'script' tag found in header


Description   Tags that allow active code to execute should not be permitted in headers. Cross-site scripting (XSS) attacks can cause a user's browser to execute code.
This code, which is included in the targeted web page and executed on the user's computer, can be used to steal session cookies and can also let a malicious user authenticate to a vulnerable site while passing as a legitimate user.
     
Default configuration
Profiles      High    Medium   Low     Internet
Action        Block   Block    Pass    Block
Alarm Level   Minor   Minor    Minor   Minor
     
References  
     
Available since   ASQ v5.0.0
     
Protects   Cacti "auth_profile.php" Cross-Site Scripting Vulnerability Fixed by 1.1.14
Cacti Multiple Cross-Site Scripting Vulnerabilities Fixed by 1.1.13
Atlassian Jira "global-translations.jsp" Cross-Site Scripting Vulnerability Fixed by 7.2.2
WordPress Third-Party Plugins Multiple Vulnerabilities
WordPress Third-Party Modules Multiple Vulnerabilities
AlienVault Unified Security Management Multiple Vulnerabilities Fixed by 5.3.2
WordPress Third-Party Modules Multiple Vulnerabilities
WordPress Third-Party Modules Multiple Vulnerabilities
Wordpress Multiple Third Party Plugins Vulnerabilities
Apache Ranger Multiple Vulnerabilities Fixed by 0.5.0
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
phpMyAdmin Multiple Vulnerabilities Fixed by 4.0.10.15, 4.4.15.4 and 4.5.5.1
Magento Multiple Vulnerabilities Fixed by CE 1.9.2.3, EE 1.14.2.3 and 2.0.1
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
100 last CVE   CVE-2017-11691
CVE-2017-11163
CVE-2017-10970
CVE-2016-8583
CVE-2016-8582
CVE-2016-8581
CVE-2016-8580
CVE-2016-6285
CVE-2016-2562
CVE-2016-2561
CVE-2016-2560
CVE-2016-2559
CVE-2016-10112
CVE-2015-0266
CVE-2015-0265



 
 
 
 
Risk level   Moderate