libinjection
Libinjection - XSS Detection Rule 94110 false/positive
Description
If you use the following JSON in the payload, the rule 94110 is triggered. The problem is the string "filter={AnyChar}"
"query":"filter=in(labels.name,\"test\")"
Error message:
"message":"XSS Attack Detected via libinjection","action":"Matched","site":"Global","details":{"message":"Warning. detected XSS using libinjection. ","data":"Matched Data: XSS data found within ARGS:query: filter=in(labels.name,\x22test\x22)"
From my point of view, the rule should not be triggered by this payload.
Here is the original issue: https://github.com/coreruleset/coreruleset/issues/2041#issuecomment-804098811