- Community Home
- >
- Welcome
- >
- Other HPE Product Questions
- >
- Need to support Cross-Frame Scripting ( 11293 ) pr...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-16-2020 04:32 AM
06-16-2020 04:32 AM
Hi Bro,
I'm used WebInspect, and it detects my website has Cross-Frame Scripting Problem (Cross-Frame Scripting ( 11293 )). But even my response header has X-Frame-Options & Content-Security-Policy: frame-ancestors setting,
WebInspect still detects the same problem. You can see the report file that contains the issue Cross-Frame Scripting ( 11293 ) here report file
Please help me resolve that.
Is any way to resolve it? So I think that was obviously false positives.
Scan information:
- Policy: Standard
- Scan Version: 20.1.0.199
- Scan Type: Site
Issue:
High Issues
Cross-Frame Scripting ( 11293 ) View Description
CWE: 1021
Kingdom: Security Features
Page: https://10.1.33.17:443/
GET / HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Pragma: no-cache
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:30.0) Gecko/20100101
Firefox/58.0
Host: 10.1.33.17
Connection: Keep-Alive
X-WIPP: AscVersion=20.1.0.199
X-Scan-Memo:
Category="Crawl";SID="2CF765E6D8D95CDB61F57141B17462A6";SessionType="Externa
lAddedToCrawl";CrawlType="None";AttackType="None";OriginatingEngineID="00000
000-0000-0000-0000-000000000000";tid="109";tt="31";
X-RequestManager-Memo: sid="67";smi="0";sc="1";ID="3dad46cc";
X-Request-Memo: ID="86fc50f6";sc="1";tid="106";
Cookie: CustomCookie=WebInspect148724ZXE9B2988179734CA6A2CF0DC556B11AD3YFD5F
R
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store,private, max-age=3600, must-revalidate
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Content-Length: 15548
Set-Cookie:
.AspNetCore.Antiforgery.c_12tiZU3jA=CfDJ8N8w1XEX_wxJuzUyQXra96u2ltEear86diCa
FvrnuzWHPfeugmNneN297MliJ_8aNt27154edOJ0vrV6k1VD6Sj1ue0z1rOTZaDql9YznwdzsVqFbUOj5Vfyf
O8zXcVKpp1IoDnnVudgolF8rVQbLA; path=/; samesite=strict; httponly
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Security-Policy: default-src 'self'; script-src 'self'; style-src
'self' 'unsafe-inline'; img-src 'self' data:
https://10.1.33.17:443/Resources/; font-src 'self' data:; object-src
'none'; frame-ancestors 'none'; base-uri 'none';
Date: Mon, 15 Jun 2020 08:34:10 GMT
Solved! Go to Solution.
- Tags:
- HansEnders
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-16-2020 05:46 AM
06-16-2020 05:46 AM
SolutionHi,
Webinspect is part of a different company named " Micro Focus " . So you will need to repost your question to the Micro Focus Community at https://community.softwaregrp.com/
Thanks,
Parvez_Admin
I work for HPE
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-16-2020 07:11 PM
06-16-2020 07:11 PM