WordPress.org

Make WordPress Core

Opened 4 months ago

Last modified 4 months ago

#53783 new defect (bug)

Visiting Widgets Is Blocking Access To My Server — at Version 1

Reported by: inkwellcd
Owned by:
Milestone: Awaiting Review
Priority: normal
Severity: blocker
Version: 5.8
Component: Widgets
Keywords: reporter-feedback
Focuses:
Cc:

Description (last modified by sabernhardt)

Any time I visit widgets with my current host I get blocked from visiting all of my websites on the server.

Here are the details:

Triggering a ModSecurity rule as below:

 941160 Warning. Pattern match \"(?i:(?:<\\w[\\s\\S]*[\\s\\/]|\'\\" ?)(?:on(?:d(?:e(?:vice(?:(?:orienta|mo)tion|proximity|found|light)|livery(?:success|error)|activate)|r(?:ag(?:e(?:n(?:ter|d)|xit)|(?:gestur|leav)e|start|drop|over)|op)|i(?:s(?:c(?:hargingtimechange ...\" at REQUEST_HEADERS:Referer. [file \"/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf\"] [line \"199\"] [id \"941160\"] [msg \"NoScript XSS InjectionChecker: HTML Injection\"] [data \"Matched Data: \x0d\x0a 2021-07-24 18:22:36

Change History (1)

#1 @sabernhardt
4 months ago

  • Description modified (diff)