Access Control: Nginx Virtual Host Traffic Status Module - Cross-Site Scripting¶

Identifier: nginx_module_vts_xss

Scanner(s) Support¶

GraphQL Scanner	REST Scanner	WebApp Scanner	ASM Scanner

Description¶

Nginx Virtual Host Traffic Status Module contains a cross-site scripting vulnerability, allowing attackers to execute arbitrary scripts and steal cookie-based authentication credentials.

How we test: We test for XSS vulnerabilities in Nginx Virtual Host Traffic Status Module by injecting malicious payloads and analyzing responses to detect if scripts are executed in the browser.

Reference:

https://github.com/vozlt/nginx-module-vts

Configuration¶

Example¶

Example configuration:

---
security_tests:
  nginx_module_vts_xss:
    skip: false

Reference¶

`skip`¶

Type : boolean

Skip the test if true.