Signature ID is required
Can anyone identify the signature IDs on WAF for the following cases?
Cross-Site Scripting: Reflected
Cross-Site Scripting vulnerabilities were verified as executing code on the web application. Cross-Site Scripting occurs when dynamically generated web pages display user input, such as login information, that is not properly validated, allowing an attacker to embed malicious scripts into the generated page and then execute the script on the machine of any user that views the site.

Cross-Site Scripting (Web)
Insufficient user input validation in the application allows attackers to inject arbitrary HTML tags (including JavaScript, etc.) to a user’s browser.

Cross-Site Scripting (XSS), Persistent
The application is vulnerable to Cross-Site Scripting (XSS) attacks. This occurs when web applications do not properly validate user-supplied inputs before including them in dynamic web pages.
• By modifying the user-supplied values, Trustwave was able to store special characters and code in the application, which may then be executed by other users.
• This type of attack may be used to steal information such as usernames and passwords, sensitive information, remotely control or monitor the victim's browser, or impersonate a web page used to gather order information, including credit card numbers.
• An attacker could exploit this vulnerability to store malicious code on a page, which when viewed by another user or administrator in the future would send session information or browser keystrokes to the attacker, allowing them to hijack or spy on the user's session.
• This requires little to no interaction between the attacker and the victim, only that the victim visits the page in the application which displays the malicious script.
• Please note that the XSS payload is stored using the normal (RBWeb) account interface but reflected on the mobile site.

Web Server Misconfiguration: Unprotected Directory
A backup directory with a (copy) suffix has been detected on the target server. It might contain sensitive artifacts such as source code and design documents relevant to the site.

Web Server Misconfiguration: Unprotected File
It contains multiple types of server content, including: CSS, images, pdf, html, js, jar, jsp, xml, fonts.
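
As an added example (not part of the original post or of the scanner report), a defender-side check for the two misconfiguration findings above: it walks a document root, flags directories with a `(copy)`-style suffix and summarizes the file types inside each. The extra suffix patterns, the `SENSITIVE` extension set and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile
from collections import Counter

# "(copy)" is the suffix named in the finding; the other patterns are
# common leftover-copy names and are an assumption of this example.
COPY_DIR = re.compile(r"(\(copy\)|\s-\scopy|\.bak|\.old|_backup)$", re.IGNORECASE)
# Extensions that expose code or configuration rather than static assets (assumption).
SENSITIVE = {".jar", ".jsp", ".xml", ".java", ".class", ".properties"}


def audit_docroot(docroot):
    """Return one finding per copy/backup directory found under docroot."""
    findings = []
    for dirpath, dirnames, _ in os.walk(docroot):
        for name in list(dirnames):
            if not COPY_DIR.search(name):
                continue
            full = os.path.join(dirpath, name)
            exts = Counter()
            for _, _, files in os.walk(full):
                exts.update(os.path.splitext(f)[1].lower() or "(none)" for f in files)
            findings.append({
                "path": os.path.relpath(full, docroot),
                "extensions": dict(exts),
                "sensitive": sorted(SENSITIVE & set(exts)),
            })
            dirnames.remove(name)  # contents already counted; do not descend again
    return sorted(findings, key=lambda f: f["path"])


def build_sample_docroot():
    """Constructed sample tree standing in for a real document root."""
    root = tempfile.mkdtemp(prefix="docroot-")
    for rel in ("app/index.html", "app/css/site.css",
                "app (copy)/index.jsp", "app (copy)/WEB-INF/web.xml",
                "app (copy)/lib/util.jar", "app (copy)/css/site.css"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
    return root


if __name__ == "__main__":
    for f in audit_docroot(build_sample_docroot()):
        print(f["path"], f["extensions"], "sensitive:", f["sensitive"])
```

Anything this reports should be removed from the served tree or denied at the web server; a WAF signature only hides the path from one class of request.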