SOLVED [CPANEL-28481] ModSecurity Rules Containing JavaScript Break WHM >> ModSecurity Tools UI

FidoSysop

Member
Dec 29, 2018
9
1
1
Clearwater Florida
cPanel Access Level
Root Administrator
Since upgrading to WHM v82.0.6 when clicking on the modsecurity tools tab instead of seeing the errors I get a popup box saying XSS. clicking the popup reveals some form of code. Sorry I'm a hobbyist and never ran into this before. The site shown is working OK as far as i can tell.

Curious if this is a bug in v82.0.6 or did i get whacked? Tried deleting 'SpiderLabs OWASP curated ModSecurity rule set' and reinstalling but it made no difference.

Screenshot of what I'm seeing is below.

Much Obliged :)mstxss1.jpg
 

Attachments

cPanelMichael

Technical Support Community Manager
Staff member
Apr 11, 2011
47,862
2,216
363
cPanel Access Level
DataCenter Provider
Twitter
Hello :)

The following case is included with cPanel & WHM version 82.0.7 and should address the reported issue:

Fixed case CPANEL-28481: Ensure we escape '<' correctly when stringifying JSON in Template Toolkit.

Let us know if the issue persists after updating to version 82.0.7 or newer.

Thank you.