XSS in Trustwave Modsecurity

CVE-2009-5031

ModSecurity before 2.5.11 treats request parameter values containing single quotes as files, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks via a single quote in…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.008 (74.4th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References