Resolved Web Server Cross Site Scripting

[Martin73]

I am scanning my server regularly with the service ScanMyServer from Beyond Security. Recently I have got following result:

The remote web server seems to be vulnerable to the Cross Site Scripting vulnerability.
The vulnerability is caused when the result returned to the user when a non-existing file is requested contains the original URL (e.g. the result contains the JavaScript provided in the request).
The vulnerability would allow an attacker to make the server present the user with the attacker's JavaScript/HTML code.
Since the content is presented by the server, the user will give it the trust level of the server (for example, the trust level of banks, shopping centers, etc. would usually be high).

Sample URL: https://www.mydomain.com:443/index.php?param=">alert(document.cookie)< /script>.php
Sample Request:
===
GET /index.php?param=">alert(document.cookie)</script>.php HTTP/1.1
Connection: Close
Host: www.mydomain.com
Pragma: no-cache
User-Agent: Mozilla/5.0 (X11
U
Linux i686
en-US
rv:1.7.8)
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
Accept-Language: en
Accept-Charset: iso-8859-1,*,utf-8

How can I change the setting to protect the server?

My virtual server:
Ubuntu 16.04.4 LTS‬
Plesk Onyx 17.8.11

 

[pleskpanel]

The underlying cause of this is not so much related to your server but rather that your index.php script or your application is not sanitizing inputs.

Inputs passed to sites or pages may be legitimate or nefarious in nature so while there are tools that run at the server or CDN level to scan for and block those requests, you would be better off fixing the script itself since the PHP script is what is enabling anyone to pass scripts that directly rendered on the page.

The takeaway here is that it's not a Plesk or OS issue.

 

[Martin73]

You're right. I have adapted the htaccess file and will wait for the result of the next security scan.