
Libinjection - XSS Detection Rule 94110 false/positive  #155

@MelleD

Description

If you use the following JSON in the payload, the rule 94110 is triggered. The problem is the string "filter={AnyChar}"
"query":"filter=in(labels.name,"test")"

Error message:

"message":"XSS Attack Detected via libinjection","action":"Matched","site":"Global","details":{"message":"Warning. detected XSS using libinjection. ","data":"Matched Data: XSS data found within ARGS:query: filter=in(labels.name,\x22test\x22)"

From my point of view, the rule should not be triggered by this payload.

Here is the original issue: coreruleset/coreruleset#2041 (comment)
