Watson Supply Chain Ideas


X-XSS-Protection Block Vulnerability

Cross-site scripting (XSS) filters in browsers check whether the URL contains possibly harmful XSS payloads and whether they are reflected in the response page. If such a condition is recognized, the injected code is changed in a way that it is no longer executed, to prevent a successful XSS attack. The downside of these filters is that the browser has no way to distinguish between code fragments that were reflected by a vulnerable web application in an XSS attack and those that are already present on the page. In the past, these filters were used by attackers to deactivate JavaScript code on the attacked web page. Sometimes the XSS filters themselves are vulnerable in a way that web applications which were properly protected against XSS attacks became vulnerable under certain conditions. In the SB2BI application it was noted that no XSS filter headers are being set.

The web application should be configured to send the "X-XSS-Protection" header in every page response:

X-XSS-Protection: 1; mode=block
  • Guest
  • Dec 19 2017
What is the idea priority? Medium
DeveloperWorks ID DW_ID87842
RTC ID RTC_ID501399
Link to original RFE http://www.ibm.com/developerworks/rfe/execute?use_case=viewRfe&CR_ID=87842
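The recommendation in the idea above, as an added example that is not part of the original submission or of any IBM product code: a Python audit that classifies a response's X-XSS-Protection header (missing, as reported for SB2BI; disabled; filter-only, the rewriting mode the idea says attackers have abused; or block) and a helper that emits the corrected header set. The header parser and the header-list shape are assumptions made for the example, not an API of the product.

```python
"""Audit and correct the X-XSS-Protection response header (added example)."""

HEADER = "X-XSS-Protection"
RECOMMENDED = "1; mode=block"


def parse_headers(raw_response: str) -> dict[str, list[str]]:
    """Parse the header block of a raw HTTP/1.x response (constructed text,
    not live traffic) into a lower-cased name -> values map."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    headers: dict[str, list[str]] = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        if ":" in line:
            name, value = line.split(":", 1)
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def xss_protection_status(raw_response: str) -> str:
    """Classify the response's X-XSS-Protection header:
    'missing'  - absent (the finding reported against SB2BI)
    'disabled' - '0', filter explicitly off
    'filter'   - '1' alone: browser rewrites the page, the behaviour the idea
                 notes attackers have abused to disable legitimate scripts
    'block'    - '1; mode=block', the recommended value
    'invalid'  - duplicated or malformed header"""
    values = parse_headers(raw_response).get(HEADER.lower())
    if not values:
        return "missing"
    if len(values) != 1:
        return "invalid"  # conflicting duplicates: browser behaviour undefined
    directives = [d.strip().lower() for d in values[0].split(";") if d.strip()]
    if directives == ["0"]:
        return "disabled"
    if directives == ["1"]:
        return "filter"
    if directives[:1] == ["1"] and "mode=block" in directives[1:]:
        return "block"
    return "invalid"


def with_xss_protection(headers: list[tuple[str, str]]) -> list[tuple[str, str]]:
    """Return the headers with exactly one X-XSS-Protection set to the
    recommended value, replacing any existing weaker or duplicate one."""
    kept = [(k, v) for k, v in headers if k.lower() != HEADER.lower()]
    return kept + [(HEADER, RECOMMENDED)]
```

Since this idea was filed, Chromium-based browsers have removed the XSS filter this header controls and Firefox never shipped one, so the header now only affects older browsers; Content-Security-Policy is the current browser-side control for reflected script.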