Shouldn't CRS3.0 be flagging this XSS? I did check the XSS rules but couldn't figure out why it wasn't getting flagged.
https://localhost/test.action?testingid=29776%27};alert(1);var%20x={%27myid%27:%2723233

Thanks
Subin
Barclaycard
www.barclaycardus.com