Hello, I have done some tests on XSS attacks with ModSecurity and the base rules for XSS attack from the CRS. I have found that this set of rules doesn't check for an XSS attack vector in the User-agent field of the HTTP message. Is this true or am I missing something? Thank you for your consideration, Michele Roviello
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
