QID 150000 and 150001 Detection Logic Changes

Question asked by Jayson Coulter on May 29, 2019
Latest reply on Jun 5, 2019 by Jayson Coulter

Hello All,
Have there been any changes to the detection logic used for QID 150000 - Persistent Cross-Site Scripting (XSS) Vulnerabilities and QID 150001 - Reflected Cross-Site Scripting (XSS) Vulnerabilities? Recently received two findings for each QID on the same application that has received no code changes in the last month. The QID 150001 findings have a very inconsistent history and have not been active for two subsequent scans, although this might be related to recent Auth record success and failure. The QID 150000 findings are new and have no previous history.





Jayson A. Coulter