Need to support Cross-Frame Scripting ( 11293 ) problem

 
Hi Bro,

I used WebInspect, and it detects that my website has a Cross-Frame Scripting problem (Cross-Frame Scripting ( 11293 )). But even though my response header has the X-Frame-Options and Content-Security-Policy: frame-ancestors settings, WebInspect still detects the same problem. You can see the report file that contains the issue Cross-Frame Scripting ( 11293 ) here: report file

Please help me resolve that.
Is there any way to resolve it? So I think that was obviously a false positive.

Scan information:

- Policy: Standard
- Scan Version: 20.1.0.199
- Scan Type: Site

Issue:

High Issues
Cross-Frame Scripting ( 11293 )
CWE: 1021
Kingdom: Security Features
Page: https://10.1.33.17:443/

Request:

GET / HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Pragma: no-cache
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:30.0) Gecko/20100101 Firefox/58.0
Host: 10.1.33.17
Connection: Keep-Alive
X-WIPP: AscVersion=20.1.0.199
X-Scan-Memo: Category="Crawl";SID="2CF765E6D8D95CDB61F57141B17462A6";SessionType="ExternalAddedToCrawl";CrawlType="None";AttackType="None";OriginatingEngineID="00000000-0000-0000-0000-000000000000";tid="109";tt="31";
X-RequestManager-Memo: sid="67";smi="0";sc="1";ID="3dad46cc";
X-Request-Memo: ID="86fc50f6";sc="1";tid="106";
Cookie: CustomCookie=WebInspect148724ZXE9B2988179734CA6A2CF0DC556B11AD3YFD5FR

Response:

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store,private, max-age=3600, must-revalidate
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Content-Length: 15548
Set-Cookie: .AspNetCore.Antiforgery.c_12tiZU3jA=CfDJ8N8w1XEX_wxJuzUyQXra96u2ltEear86diCaFvrnuzWHPfeugmNneN297MliJ_8aNt27154edOJ0vrV6k1VD6Sj1ue0z1rOTZaDql9YznwdzsVqFbUOj5VfyfO8zXcVKpp1IoDnnVudgolF8rVQbLA; path=/; samesite=strict; httponly
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://10.1.33.17:443/Resources/; font-src 'self' data:; object-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Mon, 15 Jun 2020 08:34:10 GMT
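
How a browser evaluates the two anti-framing headers in the response above, as an added example that is not part of the original post: when a Content-Security-Policy carries frame-ancestors, browsers that support the directive enforce it and ignore X-Frame-Options. RAW is an abridged, constructed copy of the headers in the post, and the function names are hypothetical.

```python
# Added example (not from the original post): evaluate anti-framing headers.
# RAW is an abridged, constructed copy of the response shown in the post.
RAW = (
    "HTTP/1.1 200 OK\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "Content-Security-Policy: default-src 'self'; object-src 'none'; "
    "frame-ancestors 'none'; base-uri 'none';\r\n\r\n"
)
XFO_EQUIVALENT = {"DENY": ["'none'"], "SAMEORIGIN": ["'self'"]}
WILDCARDS = ("*", "http:", "https:")

def parse_headers(raw):
    """Map lower-cased header name -> list of values (repeats kept)."""
    headers = {}
    for line in raw.split("\r\n")[1:]:
        if not line:
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def frame_ancestors(csp_values):
    """Return one source list per policy that carries frame-ancestors."""
    found = []
    for policy in ",".join(csp_values).split(","):  # a comma separates policies
        for directive in policy.split(";"):
            tokens = directive.split()
            if tokens and tokens[0].lower() == "frame-ancestors":
                # An empty source list matches nothing, same as 'none'.
                found.append([t.lower() for t in tokens[1:]] or ["'none'"])
                break  # only the first occurrence in a policy counts
    return found

def framing_policy(raw):
    headers = parse_headers(raw)
    xfo = [v.upper() for v in headers.get("x-frame-options", [])]
    csp = frame_ancestors(headers.get("content-security-policy", []))
    result = {"xfo": xfo, "frame_ancestors": csp, "enforced_by": None, "notes": []}
    if csp:
        result["enforced_by"] = "csp"  # supporting browsers then ignore XFO
        if all(any(s in WILDCARDS for s in p) for p in csp):
            result["notes"].append("frame-ancestors allows any origin")
        if any(XFO_EQUIVALENT.get(x) not in csp for x in xfo):
            result["notes"].append("X-Frame-Options and frame-ancestors disagree")
    elif xfo and all(x in XFO_EQUIVALENT for x in xfo):
        result["enforced_by"] = "x-frame-options"
    else:
        result["notes"].append("no effective anti-framing header")
    return result
```

Calling framing_policy(RAW) reports that CSP is the enforced control with frame-ancestors 'none', and notes that the SAMEORIGIN value in X-Frame-Options states a different policy.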

2 REPLIES
Solution

Re: Need to support Cross-Frame Scripting ( 11293 ) problem

Hi,

WebInspect is part of a different company named "Micro Focus". So you will need to repost your question to the Micro Focus Community at https://community.softwaregrp.com/


Thanks,
Parvez_AL
I work for HPE
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]

Re: Need to support Cross-Frame Scripting ( 11293 ) problem

Thank you Parvez_AL