Replies: 0
The site is being hosted where the security actively monitors and blocks malicious activity, and for some reason, when I make a change, my access to the site gets flagged and I get pushed out of the site for some time. Very annoying…
For instance, I was just pulling up the logs to see if I could pinpoint this one and the error I see logged (which you just emailed me about) is this:
[client 74.83.100.6] ModSecurity: Access denied with code 403 (phase 2). Match of "rx (?:body|content|description|post|desc|html_message|text)=" against "MATCHED_VAR" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/07_XSS_XSS.conf"] [line "78"] [id "212800"] [rev "8"] [msg "COMODO WAF: XSS Attack Detected||www.fieldselectric.com|F|2"] [data "Matched Data: background-image\\x22: found within MATCHED_VAR: {\\x22oxi-image-hover-col-lap\\x22:\\x22oxi-bt-col-lg-4\\x22,\\x22oxi-image-hover-col-tab\\x22:\\x22oxi-bt-col-md-6\\x22,\\x22oxi-image-hover-col-mob\\x22:\\x22oxi-bt-col-sm-12\\x22,\\x22oxi-image-hover-effects-time-choices\\x22:\\x22ms\\x22,\\x22oxi-image-hover-effects-time-size\\x22:\\x22250\\x22,\\x22oxi-image-hover-animation-type\\x22:\\x22zoomin\\x22,\\x22oxi-image-hover-animation-duration-size\\x22:\\x221000\\x22,\\x22oxi-image-hover-animation-delay-size\\x22:\\x220\\x…"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "www.fieldselectric.com"] [uri "/wp-json/ImageHoverUltimate/v1/elements_template_render_data"] [unique_id "X-31kqDW@M0y14@8ARdutQAAAIg"], referer: https://www.fieldselectric.com/wp-admin/admin.php?page=oxi-image-hover-ultimate&effects=general&styleid=4
There’s a lot to digest there, but I put two key points in bold – whenever you’re triggering that update, our side sees it as an XSS (cross-site scripting) attack which is blocked for many, many reasons. I have no idea why your code is trying to do this, but we will never be able to change a setting to allow XSS because it’s a massive security risk. I would recommend talking to your developer to see about either getting a new plugin that can replace this one or getting whoever writes it to fix this.
Any ideas?
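An added example, not code from the post, the host or the plugin: a small Python parser for ModSecurity 2 error-log entries like the one quoted above, so the rule id, URI, tags and the exact fragment that fired can be pulled out for a report to the plugin developer. The sample entry is a constructed, shortened copy of the one in the post.

```python
import re
# Constructed sample modelled on the entry quoted in the post (the "data" value
# is shortened); \x22 is how ModSecurity escapes a double quote in its log.
SAMPLE_ENTRY = (
    r'[client 74.83.100.6] ModSecurity: Access denied with code 403 (phase 2). '
    r'Match of "rx (?:body|content|description|post|desc|html_message|text)=" '
    r'against "MATCHED_VAR" required. [file "/etc/apache2/modsecurity.d/rules/'
    r'comodo_free/07_XSS_XSS.conf"] [line "78"] [id "212800"] [rev "8"] '
    r'[msg "COMODO WAF: XSS Attack Detected||www.fieldselectric.com|F|2"] '
    r'[data "Matched Data: background-image\x22: found within MATCHED_VAR: '
    r'{\x22oxi-image-hover-col-lap\x22:\x22oxi-bt-col-lg-4\x22}"] [severity "CRITICAL"] '
    r'[tag "CWAF"] [tag "XSS"] [hostname "www.fieldselectric.com"] '
    r'[uri "/wp-json/ImageHoverUltimate/v1/elements_template_render_data"] '
    r'[unique_id "X-31kqDW@M0y14@8ARdutQAAAIg"], referer: https://www.fieldselectric.com/'
    r'wp-admin/admin.php?page=oxi-image-hover-ultimate'
)

HEAD_RE = re.compile(r'^\[client (?P<client>[^\]]+)\] ModSecurity: (?P<action>Access denied'
                     r'|Warning)(?: with code (?P<status>\d+) \(phase (?P<phase>\d)\))?\.')
# "Match of ... required." is what ModSecurity 2 writes when a negated operator
# (!@rx) evaluated true, usually the second link of a chained rule.
NEGATED_RE = re.compile(r'Match of "(?P<operator>(?:[^"\\]|\\.)*)" '
                        r'against "(?P<target>[^"]*)" required\.')
# One [key "value"] field; the value may contain backslash escapes like \x22.
FIELD_RE = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')
DATA_RE = re.compile(r'^Matched Data: (?P<fragment>.*?) found within '
                     r'(?P<matched_in>[^:]+): (?P<matched_value>.*)$')


def parse_modsec_entry(line: str) -> dict:
    """Turn one ModSecurity 2 error-log entry into a dict of its fields."""
    entry: dict = {"tags": [], "negated": False}
    head = HEAD_RE.match(line)
    if head:
        entry.update({k: v for k, v in head.groupdict().items() if v})
    neg = NEGATED_RE.search(line)
    if neg:
        entry.update(neg.groupdict(), negated=True)
    for key, value in FIELD_RE.findall(line):
        if key == "tag":
            entry["tags"].append(value)
        else:
            entry[key] = value
    # Split the data field into the fragment that fired and where it was found.
    data = DATA_RE.match(entry.get("data", ""))
    if data:
        entry.update(data.groupdict())
    ref = re.search(r', referer: (\S+)$', line)
    if ref:
        entry["referer"] = ref.group(1)
    return entry
```

Running `parse_modsec_entry(SAMPLE_ENTRY)` yields rule id 212800, the `/wp-json/ImageHoverUltimate/...` URI and the fragment `background-image\x22:` that the XSS rule objected to in the plugin's JSON settings payload.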