Modified WAF Objects: [total: 1]
==================================
Signature:
    ID: '613872'
    Name: XSS - alert
    Attack: Cross-Site Scripting - Blocking
    Attack Class: Cross-Site Scripting
    Dictionary: Recommended for Blocking for Web Applications
    Pattern: part="alert", rgxp="[';`>\"][\s\S]{0,50}\balert\s*[(`]."
    Policy: Recommended Signatures Policy for Web Applications
    Search In:
    - parameters
    - headers


New WAF Objects: [total: 5]
==================================
Signature:
    ID: '708440'
    Name: xss double constructor
    Attack: Remote Command Execution - Blocking
    Attack Class: Remote Command Execution
    Dictionary: Recommended for Blocking for Web Applications
    Pattern: part=".join(", rgxp="\.join\([\s\S]{1,50}constructor[\s\S]{1,50}constructor"
    Policy: Recommended Signatures Policy for Web Applications
    Search In:
    - parameters

Signature:
    ID: '708439'
    Name: Windows sensitive files - "/inetpub/wwwroot/global.asa"
    Attack: Illegal Resource Access - Blocking
    Attack Class: Illegal Resource Access
    Dictionary: Recommended for Blocking for Web Applications
    Pattern: part="/inetpub/wwwroot/global.asa"
    Policy: Recommended Signatures Policy for Web Applications
    Search In:
    - headers
    - url-and-parameters

Signature:
    ID: '708438'
    Name: jsfuck obfuscation technique
    Attack: Cross-Site Scripting - Blocking
    Attack Class: Cross-Site Scripting
    Dictionary: Recommended for Blocking for Web Applications
    Pattern: part="![]+[]", rgxp="[\[\]\(\)\!\+]{50}"
    Policy: Recommended Signatures Policy for Web Applications
    Search In:
    - headers
    - url-and-parameters

Policy:
  name: 'CVE-2025-52665: RCE - UniFi OS'
  id: '20000333'
  minimum version: '10.0'
  predicates:
  - type: HTTP Request
    operation: Match All
    match values:
    - part: header
      name: Host
      operation: includes
      value: :9780
  - type: HTTP Request
    operation: Match Any
    match values:
    - part: url
      operation: includes
      value: /api/v1/user_assets/touch_pass/keys
    - part: url
      operation: includes
      value: /api/ucore/backup/export
    - part: url
      operation: includes
      value: /api/v1/user_assets/nfc

Policy:
  name: 'CVE-2025-11953: Unauthenticated React Native CLI - RCE'
  id: '20000332'
  minimum version: '10.0'
  predicates:
  - type: HTTP Request
    operation: Match All
    match values:
    - part: url
      operation: MatchRegExp
      value: \/open-url$
    - part: header
      name: Content-Type
      operation: includes
      value: application/json
    - part: parameter
      name: url
      operation: includes
      value: cmd
  - type: HTTP Request Method
    operation: At Least One
    values:
    - POST