[Owasp-modsecurity-core-rule-set] Some XSS evasions posted
christian.folini at time-machine.ch
Tue Sep 15 04:03:05 UTC 2015
What is funny about the paper is, that he lists contact with all
the other vendors and how they reacted to his responsible
disclosure, but this is missing for ModSec.
Has there been no contact / no interest to patch in due time?
It's easier to ask forgiveness, than it is to get permission.
-- Radm Grace Hopper, aka Amazing Grace
More information about the Owasp-modsecurity-core-rule-set