We have a custom login page deployed, and it looks like when you put a script in the URL like = accesskey="x"onclick="alert(1)"// it can pop up with an error.
We were able to reproduce this only in Firefox and not in any other browser. How can we prevent this type of attack?
Release: ALL
Component: SITEMINDER - WEB AGENT FOR APACHE
The Web Agent had not been configured to block the risky characters used in the attack, namely the double quote character (%22).
Add %2522 to the BadQueryChars ACO parameter to block use of double quotes in request query strings. Alternatively, %22 can be added to the BadURLChars ACO parameter.
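To check whether such requests have already reached the login page, the Apache access log can be scanned for query strings that carry a double quote in literal, %22 or %2522 form. This is an added example, not part of the original article or of the Web Agent; the common log format, the /login path, the param name and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Request line inside an Apache common/combined log entry: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
MAX_DECODE_ROUNDS = 2  # assumption: look for a literal quote, %22 and %2522


def quote_encoding_depth(query):
    """Return how many percent-decoding rounds expose a double quote
    (0 = literal, 1 = %22, 2 = %2522), or None if none is found."""
    current = query
    for depth in range(MAX_DECODE_ROUNDS + 1):
        if '"' in current:
            return depth
        decoded = unquote(current)
        if decoded == current:  # nothing left to decode
            return None
        current = decoded
    return None


def flag_requests(log_lines):
    """Yield (line_number, path, depth) for requests whose query string
    carries a double quote at any checked encoding depth."""
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a parsable request entry
        path, _, query = match.group("target").partition("?")
        depth = quote_encoding_depth(query)
        if depth is not None:
            yield number, path, depth


# Constructed sample entries (documentation IP range, hypothetical path and parameter).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /login?param=home HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /login?param=%22x%22onclick=%22alert(1)%22// HTTP/1.1" 200 530',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /login?param=%2522x%2522 HTTP/1.1" 200 530',
    '192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /login?param=50%25 HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for number, path, depth in flag_requests(SAMPLE_LOG):
        print(f"line {number}: {path} has a double quote at decode depth {depth}")
```

Entries flagged with a 200 status after the ACO change indicate requests that were not rejected by the configured character filter and are worth reviewing.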