2 matches found
EUVD-2012-2731
Malware in sbrugna...
Cross site scripting
ModSecurity before 2.5.11 treats request parameter values containing single quotes as files, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting XSS attacks via a single quote in a request parameter in the Content-Disposition field of a...