Applies to Product - Power Pages
What’s happening?
Customers are experiencing issues with cross-site scripting (XSS) vulnerabilities detected in their Power Pages applications. The Web Application Firewall (WAF) is not enabling for specific portals, leading to concerns about security measures.
Reason:
The underlying cause of this is related to the configuration of the WAF and its inability to effectively block XSS vulnerabilities, even when enabled. Additionally, there may be specific configurations or settings within the Power Pages that are not aligned with security best practices.
Resolution:
- Review the security settings and configurations of the Power Pages application.
- Ensure that the WAF is properly configured and enabled for the specific portal in question.
- Consult the Power Pages security white paper for detailed guidance on security measures and best practices. The white paper can be found at: Power Pages Security White Paper.
- If this persists, gather detailed information about the specific vulnerabilities reported, including screenshots and descriptions of the forms where the vulnerabilities were detected.
- Collaborate with the product engineering team to investigate further and implement necessary changes based on the findings.
- If additional assistance is required, consider creating a support instance for testing purposes to replicate this accurately.
