Bug ID 689879: No support for AppScan mitigation of Cross-Site Scripting on URLs

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
12.1.2, 12.1.3,,,,,,,, 12.1.4,, 12.1.5,,,, 12.1.6, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0,,,,,,,,, 13.1.1,,,,, 13.1.3,,,,,,, 13.1.4,, 13.1.5,, 14.0.0,,,,,, 14.0.1,

Fixed In:

Opened: Oct 22, 2017

Severity: 3-Major


Imported vulnerabilities from IBM AppScan for Cross-Site Scripting on URLs are not mitigated correctly.


Vulnerabilities are not mitigated correctly.


Vulnerabilities from IBM AppScan for Cross-site Scripting on URLs are imported.


As a workaround, enforce signatures on the policy for 'Cross-Site Scripting' on URLs.

Fix Information

URL signatures for cross-site scripting are now associated with the policy (and enforced via URL '*').

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips