CVE-2018-13065: XSS
First published: Tue Jul 03 2018(Updated: )
** DISPUTED ** ModSecurity 3.0.0 has XSS via an onerror attribute of an IMG element. NOTE: a third party has disputed this issue because it may only apply to environments without a Core Rule Set configured.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Trustwave ModSecurity | =3.0.0 | |
| =3.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-13065?
CVE-2018-13065 is a vulnerability in ModSecurity 3.0.0 that allows XSS attacks through the onerror attribute of an IMG element.
What is the severity of CVE-2018-13065?
The severity of CVE-2018-13065 is medium (6.1).
What software is affected by CVE-2018-13065?
ModSecurity 3.0.0 is affected by CVE-2018-13065.
Are there any known exploits for CVE-2018-13065?
Yes, there are known exploits for CVE-2018-13065.
How can I prevent XSS attacks through the onerror attribute of an IMG element in ModSecurity 3.0.0?
To prevent XSS attacks through the onerror attribute of an IMG element in ModSecurity 3.0.0, ensure that a Core Rule Set is configured.
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/author
- agent/severity
- agent/weakness
- agent/references
- agent/status
- agent/softwarecombine
- agent/description
- agent/event
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- status/disputed
- vendor/trustwave
- canonical/trustwave modsecurity
- version/trustwave modsecurity/3.0.0