'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

xss_xss:execscript(Rule ID:1030000016)

Release Date2025/9/15

Rule NameDetect XSS Injection with JavaScript Function 'execscript'

Severity:high

CVE ID

 

Descripiton

Cross-site scripting(XSS) is a type of computer security vulnerability tipically found in Web application. XSS enables attackers to inject client-side scripts into Web pages viewed by other users. JavaScript 'window' object has 'execscript' method which can execute arbitrary code. It's very dangerous when attackers use it to implement XSS attack. This rule detects 'execscript' method in HTTP request. This rule supports to defend the A3: Injection of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.