WordPress.org

Make WordPress Core

Opened 4 months ago

Last modified 4 months ago

#53783 new defect (bug)

Visiting Widgets Is Blocking Access To My Server — at Initial Version

Reported by: inkwellcd Owned by:
Milestone: Awaiting Review Priority: normal
Severity: blocker Version: 5.8
Component: Widgets Keywords: reporter-feedback
Focuses: Cc:

Description

Any time I visit widgets with my current host I get blocked from visiting all of my websites on the server.

Here are the details:

triggering a mod security rule as below:

941160 Warning. Pattern match \"(?i:(?:<
w[
s
S]*[
s
/]|\'
" ?)(?:on(?:d(?:e(?:vice(?:(?:orienta|mo)tion|proximity|found|light)|livery(?:success|error)|activate)|r(?:ag(?:e(?:n(?:ter|d)|xit)|(?:gestur|leav)e|start|drop|over)|op)|i(?:s(?:c(?:hargingtimechange ...\" at REQUEST_HEADERS:Referer. [file \"/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"199\"] [id \"941160\"] [msg \"NoScript XSS InjectionChecker: HTML Injection\"] [data \"Matched Data: \x0d\x0a 2021-07-24 18:22:36

Change History (0)

Note: See TracTickets for help on using tickets.