CVE-2018-13065 — Cross-site Scripting in Modsecurity

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

0.3%

top 48.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Owasp Modsecurity

Timeline

PublishedJul 3

Latest updateMay 13

Description

ModSecurity 3.0.0 has XSS via an onerror attribute of an IMG element. NOTE: a third party has disputed this issue because it may only apply to environments without a Core Rule Set configured

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶NVDowasp/modsecurity3.0.0

🔴Vulnerability Details

GHSA

GHSA-p6wp-wgv9-7657: ** DISPUTED ** ModSecurity 3↗2022-05-13

▶

CVEList

CVE-2018-13065: ModSecurity 3↗2018-07-03

▶

OSV

CVE-2018-13065: ** DISPUTED ** ModSecurity 3↗2018-07-03

▶