alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Horde XSS attempt test.php"; flow:to_server,established; http.uri; content:"/horde/test.php?"; nocase; pcre:"/test\x2Ephp\x3F[^\x0A\x0D]*ext\x3D[^\x0A\x0D\x26]*[\x3E\x3C\x22\x27]/i"; reference:url,bugs.horde.org/ticket/8399; classtype:web-application-attack; sid:2009495; rev:9; metadata:created_at 2010_07_30, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_09_11;)