Cross Site Scripting Firewall alerts

  • Resolved hexachord

    (@hexachord)


    6 years, 1 month ago

    After installing and activating Advanced Gutenberg I started receiving the following cross site scripting alerts from the WordFence firewall plugin

    Wordfence Firewall blocked a background request to WordPress for the URL /wp-admin/admin-ajax.php?_fs_blog_admin=true

    blocked by firewall for XSS: Cross Site Scripting in POST body: blocksList=%3Csvg%20viewbox%3D%220%200%2024%2024%22%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20role…

    All plugins are up to date including WordPress 5.4.1

    Seems similar to the problem @tnightingale was having with viewbox vs viewBox, although the site is not hosted at GoDaddy

    If I deactivate Advanced Gutenberg the firewall errors stop.

Viewing 1 replies (of 1 total)
  • JoomUnited

    (@joomunited)

    6 years, 1 month ago

    Hi,

    I guess that’s kind of the same detection module. Though, the Viewbox was changed back in time.

    That’s definitely a false positive, can you exclude it?

    Cheers,

Viewing 1 replies (of 1 total)

The topic ‘Cross Site Scripting Firewall alerts’ is closed to new replies.