CVE-2018-10230
MEDIUM NUCLEIZend Server < 9.1.3 - Cross-Site Scripting in Zend Debugger
Title source: llmExploitation Summary
CVE-2018-10230 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
Zend Debugger in Zend Server before 9.1.3 has XSS, aka ZSR-2455.
Nuclei Templates (1)
Zend Server <9.13 - Cross-Site Scripting
MEDIUMby marcos_iaf
Shodan:
cpe:"cpe:2.3:a:zend:zend_server"
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
https://www.synacktiv.com/ressources/zend_server_9_1_3_xss.pdf
Release Notes, Vendor Advisory x_refsource_confirm
https://www.zend.com/en/products/server/release-notes
Scores
CVSS v3
6.1
EPSS
0.0271
EPSS Percentile
84.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
zend/zend_server
< 9.1.3
Published
Apr 19, 2018
Tracked Since
Feb 18, 2026