I have a problem with the detection of WAF OWASP TOP 10

I have a problem with the detection of WAF OWASP TOP 10, where CF cannot detect vulnerabilities such as self-XSS which are injected directly into the form or cookie header.

Is CF really not detecting it or am I missing something?

Did you have Cloudflare Managed Ruleset turned on?

Yes, I activated it. If the XSS attack is directly in the URL, it will be detected, but if the attacker enters the script into a form or the cookie, it is not detected by CF.

Would you mind sharing the steps of the attack so that @mdemoura can take a look?

This topic was automatically closed after 30 days. New replies are no longer allowed.