[Tue Nov 05 15:39:17.035672 2019] [:error] [pid 5223] [client 212.129.32.72:10092] [client 212.129.32.72] ModSecurity: Warning. detected XSS using libinjection. [file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "64"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: x-varnish found within ARGS:jform[text]: <p><span style=\\x22color: #3366ff;\\x22><strong>1. Introduction</strong> </span></p>\\x0d\\x0a<p>Cette seance permet de discuter de l'etablissement d'un lien de causalite, d'evoquer l'echelle des preuves et de donner un apercu modeste sur la construction progressive de la science (passage d'une hypothese, a un ensemble d'etudes epidemiologiques et experimentales pour aboutir a un consensus scientifique communique par les organismes de sante publique com..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [hostname "svt.site.ac-strasbourg.fr"] [uri "/administrator/index.php"] [unique_id "XcGJlZjQsGx1DdXxVvveWQAAAAM"], referer: http://svt.site.ac-strasbourg.fr/administrator/index.php?option=com_flexicontent&task=items.edit&view=item&id=379
[Tue Nov 05 15:39:17.042735 2019] [:error] [pid 5223] [client 212.129.32.72:10092] [client 212.129.32.72] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:jform[text]. [file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "236"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <p><span style=\\x22color: #3366ff;\\x22><strong>1. Introduction</strong> </span></p>\\x0d\\x0a<p>Cette seance permet de discuter de l'etablissement d'un lien de causalite, d'evoquer l'echelle des preuves et de donner un apercu modeste sur la construction progressive de la science (passage d'une hypothese, a un ensemble d'etudes epidemiologiques et experimentales pour aboutir a un consensus scientifique communique par les organismes de sante publique comme l'OMS). La seance s'organise de la fac..."] [severity "CRITICAL"] [ve [hostname "svt.site.ac-strasbourg.fr"] [uri "/administrator/index.php"] [unique_id "XcGJlZjQsGx1DdXxVvveWQAAAAM"], referer: http://svt.site.ac-strasbourg.fr/administrator/index.php?option=com_flexicontent&task=items.edit&view=item&id=379
[Tue Nov 05 15:39:17.056707 2019] [:error] [pid 5223] [client 212.129.32.72:10092] [client 212.129.32.72] ModSecurity: Warning. Matched phrase "-->" at ARGS:jform[text]. [file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "303"] [id "941180"] [rev "2"] [msg "Node-Validator Blacklist Keywords"] [data "Matched Data: --> found within ARGS:jform[text]: <p><span style=\\x22color: #3366ff;\\x22><strong>1. introduction</strong> </span></p>\\x0d\\x0a<p>cette seance permet de discuter de l'etablissement d'un lien de causalite, d'evoquer l'echelle des preuves et de donner un apercu modeste sur la construction progressive de la science (passage d'une hypothese, a un ensemble d'etudes epidemiologiques et experimentales pour aboutir a un consensus scientifique communique par les organismes de sante publique comme l'o..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSenso [hostname "svt.site.ac-strasbourg.fr"] [uri "/administrator/index.php"] [unique_id "XcGJlZjQsGx1DdXxVvveWQAAAAM"], referer: http://svt.site.ac-strasbourg.fr/administrator/index.php?option=com_flexicontent&task=items.edit&view=item&id=379
[Tue Nov 05 15:39:17.058687 2019] [:error] [pid 5223] [client 212.129.32.72:10092] [client 212.129.32.72] ModSecurity: Rule 7f02c03086a0 [id "941200"][file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"][line "367"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "svt.site.ac-strasbourg.fr"] [uri "/administrator/index.php"] [unique_id "XcGJlZjQsGx1DdXxVvveWQAAAAM"], referer: http://svt.site.ac-strasbourg.fr/administrator/index.php?option=com_flexicontent&task=items.edit&view=item&id=379
[Tue Nov 05 15:39:17.069719 2019] [:error] [pid 5223] [client 212.129.32.72:10092] [client 212.129.32.72] ModSecurity: Rule 7f02bfa2e788 [id "941310"][file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"][line "702"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "svt.site.ac-strasbourg.fr"] [uri "/administrator/index.php"] [unique_id "XcGJlZjQsGx1DdXxVvveWQAAAAM"], referer: http://svt.site.ac-strasbourg.fr/administrator/index.php?option=com_flexicontent&task=items.edit&view=item&id=379
[Tue Nov 05 15:39:17.070580 2019] [:error] [pid 5223] [client 212.129.32.72:10092] [client 212.129.32.72] ModSecurity: Rule 7f02bfa21690 [id "941350"][file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"][line "737"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "svt.site.ac-strasbourg.fr"] [uri "/administrator/index.php"] [unique_id "XcGJlZjQsGx1DdXxVvveWQAAAAM"], referer: http://svt.site.ac-strasbourg.fr/administrator/index.php?option=com_flexicontent&task=items.edit&view=item&id=379
[Tue Nov 05 15:39:17.070609 2019] [:error] [pid 5223] [client 212.129.32.72:10092] [client 212.129.32.72] ModSecurity: Rule 7f02bfa21690 [id "941350"][file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"][line "737"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "svt.site.ac-strasbourg.fr"] [uri "/administrator/index.php"] [unique_id "XcGJlZjQsGx1DdXxVvveWQAAAAM"], referer: http://svt.site.ac-strasbourg.fr/administrator/index.php?option=com_flexicontent&task=items.edit&view=item&id=379
[Tue Nov 05 15:39:17.093086 2019] [:error] [pid 5223] [client 212.129.32.72:10092] [client 212.129.32.72] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "57"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "svt.site.ac-strasbourg.fr"] [uri "/administrator/index.php"] [unique_id "XcGJlZjQsGx1DdXxVvveWQAAAAM"], referer: http://svt.site.ac-strasbourg.fr/administrator/index.php?option=com_flexicontent&task=items.edit&view=item&id=379
[Tue Nov 05 15:39:17.093230 2019] [:error] [pid 5223] [client 212.129.32.72:10092] [client 212.129.32.72] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "73"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=15,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Node-Validator Blacklist Keywords"] [tag "event-correlation"] [hostname "svt.site.ac-strasbourg.fr"] [uri "/administrator/index.php"] [unique_id "XcGJlZjQsGx1DdXxVvveWQAAAAM"], referer: http://svt.site.ac-strasbourg.fr/administrator/index.php?option=com_flexicontent&task=items.edit&view=item&id=379