• My hosts have updated their ModSecurity and are flagging the following files as potential XSS vulnerabilities.

    /wp-content/plugins/onepress-plus/assets/js/onepress-plus.js?ver=2.1.8
    /wp-content/plugins/onepress-plus/onepress-plus.css?ver=2.1.8

    This is causing the site to display incorrectly.

    Has anyone else seen this as a problem?

    Thanks


Viewing 5 replies - 1 through 5 (of 5 total)
  • Hi @martyyn

    I’ve not seen any problems like this before.

    Could you please let me know the details of your hosting/server provider report about the XSS vulnerabilities?

    I will send it to the developer team to take a look at this case and will let you know if there is any information.

    Regards.

    Thread Starter martyyn

    (@martyyn)

    Hi @longnguyen,

    What would you like to see? I only have access to a basic error log. This is what I am seeing.

    [Sun Dec 22 19:49:11.422192 2019] [:error] [pid 1022383:tid 139919078643456] [client 59.120.34.106:49749] [client 59.120.34.106] ModSecurity: Access denied with code 403 (phase 2). detected XSS using libinjection. [file "/etc/apache2/conf.d/modsecurity.d/12_asl_adv_xss_rules.conf"] [line "49"] [id "341257"] [rev "1"] [msg "JS WAF Rules: Possible Cross Site Scripting attack (detectXSS) in URL/URI"] [data "/wp-tss/wp-content/plugins/onepress-plus/onepress-plus.css?ver=2.1.8"] [severity "CRITICAL"] [hostname "domain.co.nz"] [uri "/wp-tss/wp-content/plugins/onepress-plus/onepress-plus.css"] [unique_id "XgAPByX9woPdfhm1Oz4KHQAAABE"], referer: https://domain.co.nz/
    [Sun Dec 22 19:49:11.715010 2019] [:error] [pid 1022383:tid 139919045072640] [client 59.120.34.106:49749] [client 59.120.34.106] ModSecurity: Access denied with code 403 (phase 2). detected XSS using libinjection. [file "/etc/apache2/conf.d/modsecurity.d/12_asl_adv_xss_rules.conf"] [line "49"] [id "341257"] [rev "1"] [msg "JS WAF Rules: Possible Cross Site Scripting attack (detectXSS) in URL/URI"] [data "/wp-tss/wp-content/plugins/onepress-plus/assets/js/onepress-plus.js?ver=2.1.8"] [severity "CRITICAL"] [hostname "domain.co.nz"] [uri "/wp-tss/wp-content/plugins/onepress-plus/assets/js/onepress-plus.js"] [unique_id "XgAPByX9woPdfhm1Oz4KLgAAADk"], referer: https://domain.co.nz/
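
A small parser for denial entries like the two posted above, added here as an example (it is not code from the thread, the plugin or the hosting provider): it groups denials by rule id and URI so a report to the host can name exactly which rule blocks which asset. The sample lines are constructed from the format in the post, with a placeholder client address and hostname, and the static-asset flag is only a review hint assumed by this example.

```python
import re
from collections import Counter

# Bracketed key/value fields of a ModSecurity Apache error-log entry, e.g.
# [id "341257"]. Curly quotes are accepted as well, because forum software
# often rewrites straight quotes when a log is pasted.
FIELD_RE = re.compile(r'\[(\w+) ["\u201c]([^"\u201d]*)["\u201d]\]')
STATIC_EXT = (".css", ".js", ".png", ".jpg", ".svg", ".woff", ".woff2")

def parse_denial(line):
    """Return the fields of one 'ModSecurity: Access denied' line, else None."""
    if "ModSecurity: Access denied" not in line:
        return None
    fields = dict(FIELD_RE.findall(line))
    status = re.search(r"Access denied with code (\d{3})", line)
    fields["status"] = status.group(1) if status else None
    return fields

def summarise(lines):
    """Count denials per (rule id, uri); flag static assets as a review hint."""
    counts = Counter()
    for line in lines:
        f = parse_denial(line)
        if f:
            counts[(f.get("id", ""), f.get("uri", ""))] += 1
    return [{"id": rid, "uri": uri, "hits": n,
             "static_asset": uri.lower().endswith(STATIC_EXT)}
            for (rid, uri), n in sorted(counts.items())]

# Constructed sample input modelled on the entries in the post; the client
# address and hostname are documentation placeholders.
TEMPLATE = ('[Sun Dec 22 19:49:11.422192 2019] [:error] [pid 1001:tid 2002] '
            '[client 192.0.2.10:49749] ModSecurity: Access denied with code 403 '
            '(phase 2). detected XSS using libinjection. [line "49"] [id "341257"] '
            '[msg "JS WAF Rules: Possible Cross Site Scripting attack (detectXSS) '
            'in URL/URI"] [data "{path}?ver=2.1.8"] [severity "CRITICAL"] '
            '[hostname "example.test"] [uri "{path}"]')
BASE = "/wp-tss/wp-content/plugins/onepress-plus/"
SAMPLE = [
    TEMPLATE.format(path=BASE + "onepress-plus.css"),
    # Same entry as pasted through a forum: straight quotes became curly ones.
    re.sub(r'"([^"]*)"', "\u201c\\1\u201d",
           TEMPLATE.format(path=BASE + "onepress-plus.css")),
    TEMPLATE.format(path=BASE + "assets/js/onepress-plus.js"),
    "[Sun Dec 22 19:50:00.000000 2019] [core:notice] [pid 1001] resuming normal operations",
]

if __name__ == "__main__":
    for row in summarise(SAMPLE):
        print(row)
```
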

    Hi @martyyn

    Sorry for the late reply.

    I’ve not seen this XSS Injection warning with CSS code before. I’m going to create an issue for the developer to take a look at this case and let you know if there is any information.

    Thanks for your information.

    Thread Starter martyyn

    (@martyyn)

    Hi @longnguyen,

    Has there been any update to this?

    Thanks
    Martyn

    Hi @martyyn, don’t worry about this warning.
    I’ve not seen any XSS Injection with JS and CSS before either.
    Could you please paste your ModSecurity file content here?


The topic ‘Possible XSS injection in CSS’ is closed to new replies.