Bug ID 689879: No support for AppScan mitigation of Cross-Site Scripting on URLs

Last Modified: Jun 04, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3,,,,,,,, 12.1.4,, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0,,,,,,,,, 13.1.1,,,,,, 14.0.0,,,,,

Fixed In:

Opened: Oct 22, 2017
Severity: 3-Major


Imported vulnerabilities from IBM AppScan for Cross-Site Scripting on URLs are not mitigated correctly.


Vulnerabilities are not mitigated correctly.


Vulnerabilities from IBM AppScan for Cross-site Scripting on URLs are imported.


As a workaround, enforce signatures on the policy for 'Cross-Site Scripting' on URLs.

Fix Information

URL signatures for cross-site scripting are now associated with the policy (and enforced via URL '*').

Behavior Change