WEB Cross-site scripting attempt

[dcox () medquist com]

Greetings All,

I am getting thousands of alerts on the " Bleeding-Edge Web Cross-site
scripting attempt" rule. These alerts are being logged from my external
(public side of firewall) snort box.  All the alerts are pointing to the
same ip of 63.211.238.135:80 as  the Destination address and my public
interface as the source address. The internal snort box doesn't alert on
this at all.

Can anybody give me some information on the rule itself, and whether I
should be concerned or not.

Thanks in advance.

Dan Cox
Systems Technician
MedQuist Inc, 310
720.206.1000
800.331.3395