CVE-2018-13065

Name of the Vulnerable Software and Affected Versions ModSecurity version 3.0.0

Description The issue concerns an XSS vulnerability via an onerror attribute of an IMG element. It is noted that a third party has disputed this issue, suggesting it may only apply to environments without a Core Rule Set configured.

Recommendations For ModSecurity version 3.0.0, consider configuring a Core Rule Set to potentially mitigate the risk of this issue. As a temporary workaround, restrict the use of onerror attributes in IMG elements until a more definitive resolution is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.