Access Control: Nginx Virtual Host Traffic Status Module - Cross-Site Scripting¶

Identifier: nginx_module_vts_xss

Scanner(s) Support¶

GraphQL Scanner	REST Scanner	WebApp Scanner

Description¶

Nginx Virtual Host Traffic Status Module contains a cross-site scripting vulnerability. An attacker can execute arbitrary script and thus steal cookie-based authentication credentials and launch other attacks.

Reference:

https://github.com/vozlt/nginx-module-vts

Configuration¶

Example¶

Example configuration:

---
security_tests:
  nginx_module_vts_xss:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    skip: false

Reference¶

`assets_allowed`¶

Type : List[AssetType]*

List of assets that this check will cover.

`skip`¶

Type : boolean

Skip the test if true.