
XSS tag with command

New Member


I appreciate this is a novice question, but is there a document that describes all the rules for the baseline protection profile?

 

If not, can someone explain what rule 273 is trying to prevent; this was preventing a valid application from working and is presently disabled. I am trying to see what in the SOAP request is triggering the rule.

 

categories: Cross-Site Scripting (XSS)
severity: medium
last changed: 2016-03-10 10:05
regex: </?[a-zA-Z]
match on: args, uri, headers
id: 273
1 REPLY
Visitor

Re: XSS tag with command

Rule 273 addresses CWE-79 (refer to https://cwe.mitre.org/data/definitions/79.html).

The rule prevents any HTML (and similar markups like XML) open and close tags as a part of input validation.

 

Could we have more details on the SOAP request used?
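
Added example (not part of the original thread and not the vendor's code): one way to locate what trips the rule is to run the regex posted above over each inspected zone of a request. The sample request is constructed, and treating the raw SOAP body as a single argument is an assumption about how the product parses POST data.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Pattern copied from the rule details posted in the question (id 273).
RULE_273 = re.compile(r"</?[a-zA-Z]")

def find_rule_273_hits(uri, headers, body_args):
    """Return (zone, name, snippet) for each inspected value the pattern matches."""
    parts = urlsplit(uri)
    candidates = [("uri", "path", parts.path)]
    # parse_qsl percent-decodes, so %3C in the query string is tested as '<'.
    candidates += [("args", k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    candidates += [("args", k, v) for k, v in body_args.items()]
    candidates += [("headers", k, v) for k, v in headers.items()]
    hits = []
    for zone, name, value in candidates:
        m = RULE_273.search(value)
        if m:
            # Keep a short snippet starting at the match for the report.
            hits.append((zone, name, value[m.start():m.start() + 30]))
    return hits

# Constructed sample request (not the poster's traffic).
SAMPLE_URI = "/services/OrderService?id=42&note=%3Cb%3Eurgent%3C%2Fb%3E"
SAMPLE_HEADERS = {"Content-Type": "text/xml; charset=utf-8",
                  "SOAPAction": '"urn:example:GetOrder"'}
# Assumption: the WAF inspects the raw POST body as a single argument.
SAMPLE_BODY_ARGS = {"body": '<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
                            "<soap:Body><GetOrder><id>42</id></GetOrder></soap:Body></soap:Envelope>"}

if __name__ == "__main__":
    for zone, name, snippet in find_rule_273_hits(SAMPLE_URI, SAMPLE_HEADERS, SAMPLE_BODY_ARGS):
        print(f"{zone:8} {name:12} matched at: {snippet!r}")
```

The pattern needs only a "<" (optionally followed by "/") and one letter, so a value such as x<y matches as well as a real tag, while 1<2 or "a < b" does not.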