• Resolved larsenja

    (@larsenja)


    We are running WP Multisite.

    We are getting an XSS error when updating content.

    Here is the error as reported in the log:

    09/Feb/15 12:56:38 #4099164 high 100 173.245.54.173 POST /wp-admin/post.php - XSS (HTML tag) - [POST:content = <table style="width: 100%;" border="0" cellspacing="0" cellpadding="7">%0d%0a<tbody>%0d%0a<tr>%0d%0a<td>%0d%0a<table style="width: 100%;">%0d%0a<tbody>%0d%0a<tr>%0d%0a<td valign="top" width="50%"><span style="font...]

    I’m confused as to why the POST is being flagged for XSS. We’ve had to disable the Firewall until we can get this resolved.

    Thanks!

    https://www.ads-software.com/plugins/ninjafirewall/

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author nintechnet

    (@nintechnet)

    Hi,

    The log shows you are blocked by rule #100. That rule checks for potential XSS vulnerabilities that may use <iframe>, <script> or similar HTML tags.
    If you are not logged in as admin/superadmin, you may trigger the rule while posting some HTML code.
    You can simply disable this rule from the “NinjaFirewall > Rules Editor” menu: select rule 100 and click “Disable it”.

    Same here. I had to disable rule 100. I did not even use any HTML code, just plain text in my new post…

    I am logged in as the super admin and as far as I know not using any prohibited HTML tags and still get blocked. Simply disabling the rules would defeat the firewall. I tried and it seems if I disable one then another is triggered and so on.

    See – https://www.ads-software.com/support/topic/xss-html-tag
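
Added example (not part of the thread and not NinjaFirewall's own code): a parser for the log line format quoted in the first post, used to tally which rule and request parameter are blocking /wp-admin/ requests so that only that rule needs review. The field layout and the names `incident` and `level` are inferred from that single line; the first sample line is the thread's entry with its payload shortened, and the other two are constructed.

```python
import re
from collections import Counter

# Layout inferred from the one log line in the thread. "rule" follows the
# plugin author's reading ("blocked by rule #100"); "incident" and "level"
# are assumed names for the "#4099164" and "high" fields.
LINE_RE = re.compile(
    r'^(?P<date>\d{2}/\w{3}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) '
    r'#(?P<incident>\d+) (?P<level>\w+) (?P<rule>\d+|-) '
    r'(?P<ip>\S+) (?P<method>[A-Z]+) (?P<uri>\S+) - '
    r'(?P<reason>.*?) - \[(?P<detail>.*)\]$'
)

# Line 1: from the thread, payload shortened. Lines 2-3: constructed.
SAMPLE = [
    '09/Feb/15 12:56:38 #4099164 high 100 173.245.54.173 POST /wp-admin/post.php'
    ' - XSS (HTML tag) - [POST:content = <table style="width: 100%;" border="0"...]',
    '09/Feb/15 13:02:11 #1000001 high 100 192.0.2.10 POST /wp-admin/post.php'
    ' - XSS (HTML tag) - [POST:content = <p>hello</p>]',
    '09/Feb/15 13:05:40 #1000002 high 100 198.51.100.7 GET /index.php'
    ' - XSS (HTML tag) - [GET:s = <em>...]',
]

def parse_line(line):
    """Return a dict of fields, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    # detail looks like "POST:content = <payload, possibly cut with ...>"
    where, _, payload = rec.pop("detail").partition(" = ")
    rec["source"], _, rec["param"] = where.partition(":")
    rec["payload"] = payload
    rec["truncated"] = payload.endswith("...")  # log stores only a prefix
    return rec

def admin_hits_by_rule(lines):
    """Count blocked requests to /wp-admin/ per (rule id, parameter)."""
    hits = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["uri"].startswith("/wp-admin/"):
            hits[(rec["rule"], rec["param"])] += 1
    return hits

if __name__ == "__main__":
    for (rule, param), n in admin_hits_by_rule(SAMPLE).most_common():
        print(f"rule {rule} blocked {n} back-end request(s) on parameter '{param}'")
```
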

  • The topic ‘Post update not being allowed due to XSS detection’ is closed to new replies.