I appreciate this is a novice question, but is there a document that describes all the rules for the baseline protection profile?
If not, can someone explain what rule 273 is trying to prevent? It was preventing a valid application from working and is presently disabled. I am trying to see what in the SOAP request is triggering the rule.
| Field | Value |
| --- | --- |
| categories | Cross-Site Scripting (XSS) |
| severity | medium |
| last changed | 2016-03-10 10:05 |
| regex | `</?[a-zA-Z]` |
| match on | args, uri, headers |
| id | 273 |
Rule 273 addresses CWE-79 (refer to https://cwe.mitre.org/data/definitions/79.html).
The rule prevents any HTML (and similar markup like XML) open and close tags as a part of input validation.
Could we have more details on the SOAP request used?
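
One way to find which part of a request matches the rule's regex, as an added example that is not part of the original thread or of the WAF's own code. It assumes the WAF URL-decodes values before matching; the sample URI, arguments and headers are constructed, and `find_hits` is a hypothetical helper name.

```python
import re
from urllib.parse import unquote_plus

# Pattern copied from the rule listing on this page (rule id 273).
RULE_273 = re.compile(r"</?[a-zA-Z]")


def find_hits(uri, args, headers):
    """Return (location, name, offset, context) for each value the pattern matches.

    Assumption: values are URL-decoded before matching, so we decode them too.
    The three locations mirror the rule's "match on" list: args, uri, headers.
    """
    fields = [("uri", "", uri)]
    fields += [("args", name, value) for name, value in args.items()]
    fields += [("headers", name, value) for name, value in headers.items()]
    hits = []
    for location, name, raw in fields:
        value = unquote_plus(raw)
        match = RULE_273.search(value)
        if match:
            start = match.start()
            # Keep a short slice so the offending tag is easy to spot.
            hits.append((location, name, start, value[start:start + 30]))
    return hits


# Constructed sample request (not taken from the thread).
SAMPLE_URI = "/services/OrderService"
SAMPLE_ARGS = {
    "action": "getOrder",
    # URL-encoded XML carried in a parameter: decodes to "<soap:Envelope>..."
    "payload": "%3Csoap%3AEnvelope%3E%3Csoap%3ABody%3E%3Cid%3E42%3C%2Fid%3E"
               "%3C%2Fsoap%3ABody%3E%3C%2Fsoap%3AEnvelope%3E",
    # "<" followed by a space is not a tag start, so this does not match.
    "note": "price < 100 and qty > 2",
}
SAMPLE_HEADERS = {
    "Content-Type": "text/xml; charset=utf-8",
    "SOAPAction": '"urn:getOrder"',
    "X-Callback": "<callback>https://example.invalid/cb</callback>",
}

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_URI, SAMPLE_ARGS, SAMPLE_HEADERS):
        print(hit)
```

Running the same function over the real request's URI, parameters and headers shows which field carries the `<tag` or `</tag` sequence, which is the information needed to scope an exception instead of disabling the rule.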