Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

XSS tag with command

xyzzy
New Member
‎07-21-2018 03:15:AM
‎07-21-2018 03:15:AM

XSS tag with command

I appreciate this is a novice question, but is there a document that describes all the rules for the baseline protection profile?

 

If not, can someone explain what rule 273 is trying to prevent; this was preventing a valid application from working and is presently disabled. I am trying to see what in the SOAP request is triggering the rule.

 

categoriesCross-Site Scripting (XSS)
severitymedium
last changed2016-03-10 10:05
regex</?[a-zA-Z]
match onargs, uri, headers
id273
0 Kudos
Reply
1 REPLY 1
sudayakumar
Frequent Visitor
‎07-22-2018 11:35:PM
‎07-22-2018 11:35:PM

Re: XSS tag with command

Rule 273 addresses CWE – 79 (Refer https://cwe.mitre.org/data/definitions/79.html)

The rule prevents any HTML (and similar mark ups like XML) open and close tags as a part of input validation.

 

Could we have more details on the SOAP request used?

0 Kudos
Reply
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.