{"id":9787,"date":"2025-08-05T19:56:14","date_gmt":"2025-08-05T19:56:14","guid":{"rendered":"http:\/\/localhost\/?p=9787"},"modified":"2025-08-05T19:56:14","modified_gmt":"2025-08-05T19:56:14","slug":"modsecuritys-insufficient-return-value-handling-can-lead-to-xss-and-source-code-disclosure","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=9787","title":{"rendered":"ModSecurity’s Insufficient Return Value Handling can Lead to XSS and Source Code Disclosure"},"content":{"rendered":"
\n

CVE Details<\/h2>\n
\n
\n

Basic Information<\/h3>\n\n\n\n\n\n
Title<\/th>\nModSecurity’s Insufficient Return Value Handling can Lead to XSS and Source Code Disclosure<\/td>\n<\/tr>\n
Type<\/th>\ncve<\/td>\n<\/tr>\n
Published<\/th>\n2025-08-05T23:39:40.712Z<\/td>\n<\/tr>\n
Modified<\/th>\n2025-08-05T23:39:40.712Z<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Product Information<\/h3>\n\n\n\n\n
Vendor<\/th>\nowasp-modsecurity<\/td>\n<\/tr>\n
Product<\/th>\nModSecurity<\/td>\n<\/tr>\n
Version<\/th>\n< 2.9.12<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n
\n

CVSS Information<\/h3>\n\n\n\n
Base Score<\/th>\n6.9 (MEDIUM)<\/td>\n<\/tr>\n
Attack Vector<\/th>\nCVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:N\/UI:N\/VC:L\/VI:N\/VA:N\/SC:N\/SI:N\/SA:N<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

AI Analysis<\/h3>\n\n\n\n\n\n\n
AI Description<\/th>\nModSecurity versions prior to 2.9.12 have a vulnerability where an attacker can override HTTP response Content-Type headers, potentially leading to XSS attacks and source code exposure.<\/td>\n<\/tr>\n
AI Severity<\/th>\nHigh<\/td>\n<\/tr>\n
AI Vendor<\/th>\nOWASP Foundation<\/td>\n<\/tr>\n
AI Product<\/th>\nModSecurity<\/td>\n<\/tr>\n
AI Version<\/th>\n< 2.9.12<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Affected Products<\/h4>\n