Jump to content
Welcome to our new Citrix community!

WAF generating XSS Violation generate Bad Tag with empty value


Sohel Shaikh

Recommended Posts

I have come across an issue where WAF is generating XSS violation events for few URLs of application where Bad Tag comes at empty please refer below log sample,

default APPFW APPFW_XSS 300920218362 0 : 10.1.1.2 8786253357-PPE2 - WAF_Profile_Monitor https://example.com/user-portal/portal/login.xhtml?conversationId=978646 Cross-site script check failed for field loginform:passworddecoration:password="Bad tag: " <not blocked>

What could be the reason for this is there is not value in input for Bad Tag how WAF is generating this events if anyone cam help in such issue.

I am running 12.1.62.25 on VPX

image.png

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...