Reflected XSS attempts on routes returning HTML
Goal
Detect Reflected Cross-Site Scripting (XSS) attempts against web services that return HTML. In a reflected XSS attack, attacker-controlled request input (a query parameter, form field, or header) is echoed into the HTML response without proper output encoding, so a script in the payload executes in the victim's browser. Such security activity generally indicates that an attacker is probing for an exploitable XSS vulnerability, typically to steal session tokens or other sensitive data from users of the application.
Strategy
Monitor reflected cross-site scripting attempts (@appsec.security_activity:attack_attempt.xss) on services returning HTML (@http.response.headers.content-type:text\/html*).
Exclude requests that use the HEAD method (-@http.method:HEAD), because a HEAD response carries no body: the payload cannot be reflected into HTML, so the request is not exploitable.
Generate an Application Security Signal with LOW severity.
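The following is an added example, not part of the original rule page and not Datadog's own code: it re-implements the three conditions of the Strategy above (an XSS attack-attempt tag, a text/html response content type, and the HEAD exclusion) as plain Python over a handful of constructed sample events, so the filter logic can be read and tested outside the platform. The event dictionaries and their IP addresses are constructed for illustration; the attribute names mirror the ones quoted in the rule.

```python
"""Stand-alone re-implementation of the rule's filter logic (added example)."""
from collections import defaultdict
from typing import Dict, Iterable, List

# Constructed sample events; field names follow the rule's query attributes.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {   # matches: XSS attempt, HTML response, GET
        "@appsec.security_activity": "attack_attempt.xss",
        "@http.method": "GET",
        "@http.response.headers.content-type": "text/html; charset=utf-8",
        "@http.url_details.path": "/search",
        "@network.client.ip": "198.51.100.7",
    },
    {   # excluded: HEAD request, no body to reflect into
        "@appsec.security_activity": "attack_attempt.xss",
        "@http.method": "HEAD",
        "@http.response.headers.content-type": "text/html",
        "@http.url_details.path": "/search",
        "@network.client.ip": "198.51.100.7",
    },
    {   # excluded: JSON API, not rendered as HTML by the browser
        "@appsec.security_activity": "attack_attempt.xss",
        "@http.method": "POST",
        "@http.response.headers.content-type": "application/json",
        "@http.url_details.path": "/api/items",
        "@network.client.ip": "203.0.113.9",
    },
    {   # excluded: different attack category
        "@appsec.security_activity": "attack_attempt.sqli",
        "@http.method": "GET",
        "@http.response.headers.content-type": "text/html",
        "@http.url_details.path": "/login",
        "@network.client.ip": "203.0.113.9",
    },
    {   # matches: second offending client
        "@appsec.security_activity": "attack_attempt.xss",
        "@http.method": "GET",
        "@http.response.headers.content-type": "TEXT/HTML",
        "@http.url_details.path": "/profile",
        "@network.client.ip": "203.0.113.9",
    },
]


def matches_rule(event: Dict[str, str]) -> bool:
    """Return True when the event satisfies all three rule conditions."""
    # @appsec.security_activity:attack_attempt.xss
    if event.get("@appsec.security_activity") != "attack_attempt.xss":
        return False
    # @http.response.headers.content-type:text\/html*  (prefix match,
    # case-insensitive, so "text/html; charset=utf-8" still qualifies)
    content_type = event.get("@http.response.headers.content-type", "")
    if not content_type.lower().startswith("text/html"):
        return False
    # -@http.method:HEAD
    if event.get("@http.method", "").upper() == "HEAD":
        return False
    return True


def generate_signals(events: Iterable[Dict[str, str]]) -> List[Dict[str, object]]:
    """Group matching events by client IP and emit one LOW-severity signal each."""
    by_ip: Dict[str, List[str]] = defaultdict(list)
    for event in events:
        if matches_rule(event):
            by_ip[event["@network.client.ip"]].append(event["@http.url_details.path"])
    return [
        {"severity": "LOW", "client_ip": ip, "paths": sorted(set(paths))}
        for ip, paths in sorted(by_ip.items())
    ]


if __name__ == "__main__":
    for signal in generate_signals(SAMPLE_EVENTS):
        print(signal)
```

The content-type check is a prefix match because the rule's wildcard (`text\/html*`) must still catch values with a charset suffix; the method check is case-insensitive so that `head` and `HEAD` are treated alike. An XSS attempt against a JSON endpoint is deliberately left out, as the rule intends: the payload may be echoed back, but a browser does not render an `application/json` body as HTML.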
Triage and response
- Consider temporarily blocking the attacking IP(s) to prevent them from reaching deeper parts of your production systems.
- Investigate whether the request parameters end up in the HTML body without output encoding: reproduce the flagged request and check whether the payload is returned verbatim in the response. If it is, fix the code by encoding untrusted input for the HTML context it is rendered in.
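As an added illustration of the second triage step (this is example code, not code from the original page or from any real application), the block below shows a minimal handler that reflects a query parameter straight into an HTML body next to a hardened version that encodes it, plus a check that mimics what an analyst does when reproducing the flagged request: send a marker payload and see whether it comes back unchanged. The route name `/search`, the `q` parameter and the payload are assumptions made for the example.

```python
"""Vulnerable vs. hardened reflection of a request parameter (added example)."""
from html import escape
from typing import Callable

# Marker payload an analyst might use when reproducing a flagged request.
# It is harmless on its own; the point is to see whether it is echoed verbatim.
PROBE_PAYLOAD = '<script>alert(1)</script>'


def render_search_vulnerable(q: str) -> str:
    """Reflects the raw `q` parameter into the HTML body: reflected XSS sink."""
    return f"<html><body><h1>Results for {q}</h1></body></html>"


def render_search_hardened(q: str) -> str:
    """Encodes `q` for an HTML text context before reflecting it."""
    # quote=True also encodes " and ' so the same helper is safe inside
    # quoted attribute values; script and URL contexts need different encoders.
    return f"<html><body><h1>Results for {escape(q, quote=True)}</h1></body></html>"


def reflects_payload_verbatim(render: Callable[[str], str], payload: str = PROBE_PAYLOAD) -> bool:
    """Triage check: does the response body contain the probe unchanged?"""
    return payload in render(payload)


if __name__ == "__main__":
    for name, handler in (("vulnerable", render_search_vulnerable),
                          ("hardened", render_search_hardened)):
        verdict = "REFLECTS PAYLOAD" if reflects_payload_verbatim(handler) else "encoded"
        print(f"{name:>10}: {verdict}")
```

A verbatim echo of the probe in an HTML response confirms the sink; an encoded echo (`&lt;script&gt;...`) does not by itself prove the page is safe in every context, since a parameter inserted into a `<script>` block or an `href` needs context-specific encoding rather than HTML entity escaping.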