Description
Description
GET /api/v1/query?q=7XMLNS triggered false positive because the parameter contains "XMLNS"
#16 4.565 Rule Id: 941130 phase: 2
#16 4.565 * Match, but no disruptive action: ModSecurity: Warning. Matched "Operator Rx' with parameter (?i)\s\S\b' against variable ARGS:q' (Value: 7XMLNS' ) [file "/opt/coreruleset/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "125"] [id "941130"] [rev ""] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: 7XMLNS found within ARGS:q: 7XMLNS"] [severity "2"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [hostname ""] [uri "/api/v1/query"] [unique_id "162043736477.530879"] [ref "o0,6v20,6t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsDecode,t:cssDecode,t:removeNulls"]
Your Environment
CRS version: default v3.4/dev
Paranoia level setting:
ModSecurity version : 3.0.4
Web Server and version :
Operating System and version: Amazon Linux 2
Confirmation
[ x] I have removed any personal data (email addresses, IP addresses,
passwords, domain names) from any logs posted.