ModSecurity 3.0.0 has XSS via an onerror attribute of an IMG element. NOTE: a third party has disputed this issue because it may only apply to environments without a Core Rule Set configured
{ "source": "CPE_STRING", "extracted_events": [ { "introduced": "3.0.0" }, { "last_affected": "3.0.0" } ], "cpe": "cpe:2.3:a:owasp:modsecurity:3.0.0:*:*:*:*:*:*:*" }
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-13065.json"