From dea16d4ebde99d912ffb46b008e589c36a03935f Mon Sep 17 00:00:00 2001
From: Geeknik Labs <466878+geeknik@users.noreply.github.com>
Date: Mon, 10 May 2021 18:20:48 +0000
Subject: [PATCH 1/2] Update top-xss-params.yaml
Fixes an edge case false positive on AkamaiGhost servers
---
vulnerabilities/generic/top-xss-params.yaml | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/vulnerabilities/generic/top-xss-params.yaml b/vulnerabilities/generic/top-xss-params.yaml
index 393f187037..141909ebc9 100644
--- a/vulnerabilities/generic/top-xss-params.yaml
+++ b/vulnerabilities/generic/top-xss-params.yaml
@@ -42,6 +42,14 @@ requests:
- "text/html"
part: header
+ - type: word
+ words:
+ - "
Access Denied"
+ - "You don't have permission to access"
+ part: body
+ condition: and
+ negative: true
+
- type: status
status:
- 200
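Review bot: The new negative word matcher uses `condition: and`, so a response is rejected only when both "Access Denied" and "You don't have permission to access" appear in the body; a block page carrying just one of the two phrases still passes the matcher and can still be reported as a reflected-XSS hit. If either phrase on its own is meant to indicate a denial page, the line should read `condition: or`, and a comment such as `# negative matcher: drop WAF/edge denial pages that echo the payload` above the `- type: word` entry would record why it exists. The first word value is split across two lines here (`- "` then `Access Denied"`), which looks like an HTML tag lost in rendering rather than a real line break; the actual template line should be checked so the word list is not left as a bare `"` that matches almost every body. The enclosing `matchers` list and the request's `matchers-condition` start outside this hunk, and the negative matcher only excludes results when that request-level condition is `and`, which cannot be confirmed from the hunk.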
From 37ac4c092436f4799eb7c727bb32d551b7adfb26 Mon Sep 17 00:00:00 2001
From: Geeknik Labs <466878+geeknik@users.noreply.github.com>
Date: Mon, 10 May 2021 18:39:09 +0000
Subject: [PATCH 2/2] Update top-xss-params.yaml
Fix more false positives.
---
vulnerabilities/generic/top-xss-params.yaml | 30 ++++++++++-----------
1 file changed, 15 insertions(+), 15 deletions(-)
diff --git a/vulnerabilities/generic/top-xss-params.yaml b/vulnerabilities/generic/top-xss-params.yaml
index 141909ebc9..a420339614 100644
--- a/vulnerabilities/generic/top-xss-params.yaml
+++ b/vulnerabilities/generic/top-xss-params.yaml
@@ -19,21 +19,21 @@ requests:
matchers:
- type: word
words:
- - "\"