SOLVED [CPANEL-28481] ModSecurity Rules Containing JavaScript Break WHM >> ModSecurity Tools UI

F

FidoSysop

Member
Dec 29, 2018
9
1
1
Clearwater Florida
cPanel Access Level
Root Administrator
Since upgrading to WHM v82.0.6 when clicking on the modsecurity tools tab instead of seeing the errors I get a popup box saying XSS. clicking the popup reveals some form of code. Sorry I'm a hobbyist and never ran into this before. The site shown is working OK as far as i can tell.

Curious if this is a bug in v82.0.6 or did i get whacked? Tried deleting 'SpiderLabs OWASP curated ModSecurity rule set' and reinstalling but it made no difference.

Screenshot of what I'm seeing is below.

Much Obliged :)mstxss1.jpg
 

Attachments

cPanelMichael

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,880
2,268
463
Hello :)

The following case is included with cPanel & WHM version 82.0.7 and should address the reported issue:

Fixed case CPANEL-28481: Ensure we escape '<' correctly when stringifying JSON in Template Toolkit.

Let us know if the issue persists after updating to version 82.0.7 or newer.

Thank you.
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
C Malware scanners for cPanel - what options do I have right now? Security 5
J In Progress CPANEL-43160 - cPHulk database issues leading to high cpu user for /usr/sbin/nft --json list ruleset Security 2
K Modsecurity and cpanel questions Security 3
N malicious attacks that changed my cpanel password Security 3
E Script to get cpanel access logs through email Security 2
Similar threads
Malware scanners for cPanel - what options do I have right now?
In Progress CPANEL-43160 - cPHulk database issues leading to high cpu user for /usr/sbin/nft --json list ruleset
Modsecurity and cpanel questions
malicious attacks that changed my cpanel password
Script to get cpanel access logs through email
Top Bottom