We switched to the gotroot.com rules to address issues with our static rules. After the switch, we are having false negatives during our scans from Qualys. The specific errors are related to "Reflected Cross-Site Scripting (XSS) Vulnerabilities."
Here is one of the results output:
Quote:
http://domain.com/knowledgebase.php?action=search -- comment: DOM verification failed for this test. This result may need to be manually verified.
n.com/knowledgebase.php">Knowledgebase</a> » <a href="knowledgebase.php?action=search&search=' onEvent=X3010763568Y1Z ">Search</a></p>
</div>
</div>
</div>
,http://domain.com/knowledgebase.php?action=search -- comment: DOM verification failed for this test. This result may need to be manually verified.
in.com/knowledgebase.php">Knowledgebase</a> » <a href="knowledgebase.php?action=search&search=' onEvent=X138453672Y1Z ">Search</a></p>
</div>
</div>
</div>
Are these issues covered by our support?