False Positive | 213070 | WHMCS Version 5.3.7

RULE ID 213070

Content-Length: 4883

HTTP/1.1 404 Not Found
X-Powered-By: PHP/5.4.27
X-Frame-Options: ALLOWALL
X-Pingback: https://codwebhosting.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Set-Cookie: wfvt_768556188=538f52206bd89; expires=Wed, 04-Jun-2014 17:36:40 GMT; path=/; httponly
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 9006
Connection: close
Content-Type: text/html; charset=UTF-8

–75f53235-H–
Message: Access denied with code 403 (phase 2). Pattern match “(?i:["'][ ]{0,}(([^a-z0-9 ':_~])|(in)).{0,}?(((l|(\\u006C))(o|(\\u006F))(c|(\\u0063))(a|(\\u0061))(t|(\\u0074))(i|(\\u0069))(o|(\\u006F))(n|(\\u006E)))|((n|(\\u006E))(a|(\\u0061))(m|(\\u006D))(e|(\\u0065)))|((o|(\\u006F))(n|( …” at ARGS:emailglobalheader. [file “/var/cpanel/cwaf/rules/cwaf_03.conf”] [line “1093”] [id “213070”] [msg “COMODO WAF: IE XSS Filters - Attack Detected.”] [data "Matched Data: \x22{$company_domain}\x22 target=\x22_blank\x22>\x22{$company_name}\x22\x22{$company_name}\x22

"]
Action: Intercepted (phase 2)
Stopwatch: 1401901600090125 510091 (- - -)
Stopwatch2: 1401901600090125 510091; combined=36109, p1=203, p2=35828, p3=0, p4=0, p5=77, sr=27, sw=1, l=0, gc=0
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); COMODO WAF: rules for Apache 2.4.
Server: Apache
Engine-Mode: “ENABLED”

Lots of issues with WHMCS. CWAF is now disabled.

Thanks for your feedback.
You may exclude rule 213070 globally by Comodo WAF Plugin/Catalog/Global config Search By Rule Id.