This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Community FAQ
Register | Log In
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Lansweeper Community
- Forums
- General Discussions
- Re: Cross-Site Scripting Attack vulnerability
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Register to ask a question, start a topic or share an idea
Join the Community
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎10-17-2024 07:02 PM
A recent security scan of our Lansweeper server detected a Cross-site Scripting Attack vulnerability. Checking Lansweeper knowledge base I found this in a security related document:
X-XSS-Protection: When set to 1, this setting enables the browser's XSS filter, providing an additional layer of defense against cross-site scripting attacks. This setting cannot be altered.
I made this change for LS site in IIS (I am not sure why it says his setting cannot be altered), but the scan still returns the same alert. Has anyone seen this before and if so, have you been able to resolve the issue?
Solved! Go to Solution.
Labels:
- Labels:
-
Security
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎10-20-2024 06:18 AM
We resolved the issue by only allowing HTTPS connections to the server.
4 REPLIES 4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎10-20-2024 06:18 AM
We resolved the issue by only allowing HTTPS connections to the server.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎10-28-2024 09:34 PM
I spoke too soon. The latest scan found the exact same issue on port 443. So, it is even detected when the site only answers to HTTPS calls.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎10-17-2024 07:56 PM
Hi, can you confirm the LS and IIS version that you are using? Also, the tool that you ran to scan for vulnerabilities?.
Thks
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎10-17-2024 08:32 PM
IS 10.0.17763.1
LS 11.2.1.2
Scanning is done with Connectsecure
General Discussions
Find answers to technical questions about Lansweeper.
New to Lansweeper?
Try Lansweeper For Free
Experience Lansweeper with your own data. Sign up now for a 14-day free trial.
Try Now
Related Content
- Script based deployment of LS Agent to Linux and Windows servers in Deployment Packages
- Can the Risk Insights module replace a vulnerability scanner such as OpenVAS? in Open Office Hours Q&A
- Group vulnerabilities by affected product in Reports & Analytics
- Non-active assets showing in Vulnerability Dashboard in General Discussions
- Vulnerabilities showing up after fix action is implemented in General Discussions
