[Owasp-modsecurity-core-rule-set] Some XSS evasions posted

Christian Folini christian.folini at time-machine.ch
Tue Sep 15 04:03:05 UTC 2015

Good morning,

What is funny about the paper is, that he lists contact with all
the other vendors and how they reacted to his responsible
disclosure, but this is missing for ModSec.

Has there been no contact / no interest to patch in due time?



It's easier to ask forgiveness, than it is to get permission.
-- Radm Grace Hopper, aka Amazing Grace

More information about the Owasp-modsecurity-core-rule-set mailing list