CVE-2018-13065

Опубликовано: 03 июл. 2018

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

ModSecurity 3.0.0 has XSS via an onerror attribute of an IMG element. NOTE: a third party has disputed this issue because it may only apply to environments without a Core Rule Set configured

Ссылки

https://github.com/SpiderLabs/ModSecurity/issues/1829
Third Party Advisory
https://hackings8n.blogspot.com/2018/07/cve-2018-13065-modsecurity-300-has-xss.html
Third Party Advisory
https://www.exploit-db.com/exploits/44970/
Broken Link
https://github.com/SpiderLabs/ModSecurity/issues/1829
Third Party Advisory
https://hackings8n.blogspot.com/2018/07/cve-2018-13065-modsecurity-300-has-xss.html
Third Party Advisory
https://www.exploit-db.com/exploits/44970/
Broken Link

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:owasp:modsecurity:3.0.0:*:*:*:*:*:*:*

EPSS

Процентиль: 51%

0.00284

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2018-13065

CVSS3: 6.1

ubuntu

больше 7 лет назад

ModSecurity 3.0.0 has XSS via an onerror attribute of an IMG element. NOTE: a third party has disputed this issue because it may only apply to environments without a Core Rule Set configured

GHSA-p6wp-wgv9-7657

CVSS3: 6.1

github

больше 3 лет назад

** DISPUTED ** ModSecurity 3.0.0 has XSS via an onerror attribute of an IMG element. NOTE: a third party has disputed this issue because it may only apply to environments without a Core Rule Set configured.

EPSS

Процентиль: 51%

0.00284

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79