CVE-2009-5031
Trustwave Modsecurity < 2.5.11 - XSS
Title source: ruleDescription
ModSecurity before 2.5.11 treats request parameter values containing single quotes as files, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks via a single quote in a request parameter in the Content-Disposition field of a request with a multipart/form-data Content-Type header.
References (11)
Scores
EPSS
0.0080
EPSS Percentile
73.8%
Classification
CWE
CWE-79
Status
published
Affected Products (5)
trustwave/modsecurity
< 2.5.11
opensuse/opensuse
opensuse/opensuse
opensuse/opensuse
n/a/n/a
Timeline
Published
Jul 22, 2012
Tracked Since
Feb 18, 2026