SBaha
Engaged Sweeper II

A recent security scan of our Lansweeper server detected a Cross-site Scripting Attack vulnerability. Checking the Lansweeper knowledge base, I found this in a security-related document:

X-XSS-Protection: When set to 1, this setting enables the browser's XSS filter, providing an additional layer of defense against cross-site scripting attacks. This setting cannot be altered.

I made this change for the LS site in IIS (I am not sure why it says this setting cannot be altered), but the scan still returns the same alert. Has anyone seen this before and if so, have you been able to resolve the issue?

4 REPLIES
SBaha
Engaged Sweeper II

We resolved the issue by only allowing HTTPS connections to the server.

SBaha
Engaged Sweeper II

I spoke too soon. The latest scan found the exact same issue on port 443. So, it is even detected when the site only answers to HTTPS calls.

DonMario73
Champion Sweeper

Hi, can you confirm the LS and IIS versions that you are using? Also, the tool that you ran to scan for vulnerabilities?

Thanks

SBaha
Engaged Sweeper II

IIS 10.0.17763.1
LS 11.2.1.2
Scanning is done with Connectsecure