Jump to content
Welcome to our new Citrix community!

cross site scripting - Can this vulnerability be addressed without using app firewall

Recommended Posts

Acunetix has highlighted cross site scripting vulnerability on our MPXs which are being used as ICA Proxy gateways.

MPX version -

Solution suggested by Acunetix - Apply context-dependent encoding and/or validation to user input rendered on a page


I want to avoid using web app firewall. 

Any suggestion or pointers would be helpful.




Link to comment
Share on other sites

Not exactly this vulnerability but a 3rd Party auditor has highlighted cross site scripting vulnerability.


But I figured out a way  - Use X-XSS-Protection header with a rewrite policy.

Reference article -  https://www.langhq.com/2018/07/step-up-your-http-security-header-game.html


Once I inserted this as a response header, the scan results didn't show XSS vulnerability.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...