A potentially dangerous Request.Path value was detected from the client (>).

Hi guys

I am getting this error on a web application

"A potentially dangerous Request.Path value was detected from the client (>)."


I have seen a post with this but regarding a mobile application and a method POST. No solution there though.


CompiledWith=10.0.1005.2
RequestUrl: https://IPAddress/ServerName/AccountSections.php/"><script>alert(/openvas-xss-test/);</script> (Method: GET)

Thread Name:
.NET: 4.0.30319.42000


Stack:

A potentially dangerous Request.Path value was detected from the client (>).
   at System.Web.HttpRequest.ValidateInputIfRequiredByConfig()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)


Never seen this before.

Its happening in a production environment and it doesn't occur on any other environment.

I don't have any complaints from end users so I don't have any user feedback on this, just the error occurring on service center.


Does anyone has come through this before?

Any idea on what this could be and how to overcome it?


Regards

Hi Pedro,

From the look of it, someone is testing your site for Cross-Site Scripting (XSS) vulnerabilities. You can check the client ip to know from where it came from.

And, as you can see, OutSystems blocks those accesses, so the platform is overcoming those accesses and all is good. In my opinion, you don't need to do anything about it.

Cheers,

José

Hi José.


Will dig into it and let you know what we have discovered.


Thank you for your help