- Home
- /
- Forum
- /
- Securitycheck
- /
- Newbies area
- /
- Countless Possible XSS attack warnings
Edit Article Bug Causing lock out.
- funnybugbees
-
Topic Author
- Offline
- Junior Member
-
Less
More
1 year 1 month ago #7325
by funnybugbees
Clifton Murphy - Owner
Funny Bug Bees And Wood Works
Edit Article Bug Causing lock out. was created by funnybugbees
We have many articles that have embedded youtube videos in them. Whenever we edit these articles, SCP locks me out of my admin with the "The webmaster has forbidden your access to this site" error message.
Once I am able to get back in again (simply by opening another browser window and logging back in), I check the logs and there are XSS attack logs from my IP (which is whitelisted by the way).
This prevents us from editing any article which has an embedded youtube video.
attached is a photo of the log entry.
Once I am able to get back in again (simply by opening another browser window and logging back in), I check the logs and there are XSS attack logs from my IP (which is whitelisted by the way).
This prevents us from editing any article which has an embedded youtube video.
attached is a photo of the log entry.
Clifton Murphy - Owner
Funny Bug Bees And Wood Works
Please Log in or Create an account to join the conversation.
- Jose
-
- Offline
- Moderator
-
Less
More
- Posts: 4086
- Thank you received: 316
1 year 1 month ago #7327
by Jose
Replied by Jose on topic Edit Article Bug Causing lock out.
Hi Clifton,
To avoid this just go to Waf configuration -> filter exceptions -> xss tab and set the'filter all tags' dropdown to No. This should solve the issue.
Regards,
Jose
To avoid this just go to Waf configuration -> filter exceptions -> xss tab and set the'filter all tags' dropdown to No. This should solve the issue.
Regards,
Jose
Please Log in or Create an account to join the conversation.
- funnybugbees
-
Topic Author
- Offline
- Junior Member
-
1 year 1 month ago - 1 year 1 month ago #7336
by funnybugbees
Clifton Murphy - Owner
Funny Bug Bees And Wood Works
Replied by funnybugbees on topic Edit Article Bug Causing lock out.
Wont this also basically turn off XSS script checking and not provide protection from XSS attacks? Also there is no "Filter All Tags" drop down. There is a "Strip All Tags" drops down, is this what you meant?
Clifton Murphy - Owner
Funny Bug Bees And Wood Works
Last edit: 1 year 1 month ago by funnybugbees.
Please Log in or Create an account to join the conversation.
- Jose
-
- Offline
- Moderator
-
Less
More
- Posts: 4086
- Thank you received: 316
1 year 1 month ago #7337
by Jose
Regards,
Jose
Replied by Jose on topic Edit Article Bug Causing lock out.
No, there are many tags listed when you change the dropdown. Those tags are those most commonly used in attacks. Filtering all tags we get false positives if, as is your case, some editors add other tags (p tag for instance).Wont this also basically turn off XSS script checking and not provide protection from XSS attacks?
Yes, sorry. That what I mean.Also there is no "Filter All Tags" drop down. There is a "Strip All Tags" drops down, is this what you meant?
Regards,
Jose
Please Log in or Create an account to join the conversation.
Time to create page: 0.076 seconds