Tag: xss

All the articles with the tag "xss".

• [CVE-2025-54571] ModSecurity Content-Type Confusion Exposes Script Source and Enables Stored XSS

  6 Aug, 2025

  For more than a decade ModSecurity has sat between Apache and the open internet. A subtle error in its error-handling path lets attackers override the Content-Type header after a parsing failure, resulting in plain-text leakage of protected scripts and reliable cross-site scripting in every version up to 2.9.11.