Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
linux
shell
auditing
devops
unix
security-audit
pci-dss
compliance
hardening
security-vulnerability
security-hardening
devops-tools
hipaa
vulnerability-detection
vulnerability-scanners
security-scanner
vulnerability-assessment
gdpr
security-tools
system-hardening
-
Updated
Oct 13, 2021 - Shell
Hi,
I am getting some XSS Reflected and persistent alerts generated when a .xls or .pdf file contains unsantised XSS injection strings. I do not want to add an alert filter because it is an .asp page that generates these files and so there could be another XSS vulnerability on the page.
I was wondering if the XSS rule could check the Content-Type header and the file identifying line (first