Rule History

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Possible APC Switched Rack PDU Web Administration Interface Cross Site Scripting Attempt"; flow:to_server,established; http.uri; content:"/Forms/login1?login_username="; nocase; pcre:"/(script|onmouse[a-z]+|onkey[a-z]+|onload|onunload|ondragdrop|onblur|onfocus|onclick|ondblclick|onsubmit|onreset|onselect|onchange)/i"; reference:url,securitytracker.com/alerts/2009/Dec/1023331.html; classtype:web-application-attack; sid:2010507; rev:6; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag XSS, tag Cross_Site_Scripting, updated_at 2020_09_10;)