sndyblz
New Contributor

FortiWeb detecting WordPress as XSS

We have a team who manages the content of our corporate website. Every time they push or publish their design/changes via WordPress, the FortiWeb detects it as XSS.

Is there a way to exempt the user IP source from any XSS detection, or any better approach to fix this?


1 Solution
shafiq23
Staff

Hello @sndyblz, if the user source IP is the real client IP, you can use a Client IP exception.

1. Identify which XSS category was triggered, e.g. HTML Tag Based XSS Injection.

2. Set Client IP exception.

[Screenshot: XSS-Exception.png]

Thanks!

AEK
SuperUser

If you are sure this is a false positive, then you need to mitigate it.

Just open attack logs, find the false positive related log, double click, and on the right panel you right-click on the "Message", then use either "Add Exception" or "Alert Only", depending on how you want to mitigate it.

AEK
sndyblz
New Contributor

Yes, the detection is a confirmed false positive, but the number of detections is too much.

AEK

It doesn't matter if the error is the same, you just need to do it on one of them, or you can follow Shafiq's advice if you want to make an exception for a specific client IP.

AEK