CVE-2018-10230

EPSS 3.36% · P87 Updated Feb 21, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2018-10230

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Zend Debugger in Zend Server before 9.1.3 has XSS, aka ZSR-2455.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Zend Server Zend Debugger 跨站脚本漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Zend Server是美国Zend技术公司的一款PHP Web开发应用服务器，它简化了Windows和Linux环境中PHP应用程序的开发和运行。Zend Debugger是其中的一个调试工具。 Zend Server 9.1.3之前版本中的Zend Debugger存在跨站脚本漏洞，该漏洞源于程序在使用错误消息中用户控制的数据之前，没有正确的编码该数据。远程攻击者可通过在服务器响应中构建任意的HTML元素利用该漏洞在用户浏览器中执行任意的JavaScript代码。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2018-10230

#	POC Description	Source Link	Shenlong Link
1	Zend Server before version 9.13 is vulnerable to cross-site scripting via the debug_host parameter.	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2018/CVE-2018-10230.yaml	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2018-10230

Please Login to view more intelligence information

https://www.synacktiv.com/ressources/zend_server_9_1_3_xss.pdfx_refsource_MISC
https://www.zend.com/en/products/server/release-notesx_refsource_CONFIRM
https://nvd.nist.gov/vuln/detail/CVE-2018-10230

Same Patch Batch · n/a · 2018-04-19 · 48 CVEs total

CVE-2017-18261		Linux kernel 安全漏洞
CVE-2018-10220		Glastopf 安全漏洞
CVE-2018-10222		idreamsoft iCMS 跨站请求伪造漏洞
CVE-2018-10227		MiniCMS 跨站脚本漏洞
CVE-2018-9137		Open-AudIT 安全漏洞
CVE-2018-2783		多款 Oracle 产品访问控制错误漏洞
CVE-2018-2831		Oracle Virtualization VM VirtualBox组件安全漏洞
CVE-2018-2856		Oracle Financial Services Applications Financial Services Basel Regulatory Capital Interna
CVE-2018-10225		thinkphp SQL注入漏洞
CVE-2018-10205		hyperstart 安全漏洞
CVE-2018-10219		baijiacms 安全漏洞
CVE-2018-10188		phpMyAdmin 跨站请求伪造漏洞
CVE-2018-9861		Drupal CKEditor Enhanced Image插件跨站脚本漏洞
CVE-2018-10236		POSCMS 安全漏洞
CVE-2018-10235		POSCMS 安全漏洞
CVE-2018-0276		Cisco WebEx Connect IM 跨站脚本漏洞
CVE-2018-0275		Cisco Identity Services Engine 配置错误漏洞
CVE-2018-0273		Cisco Aggregation Services Router 5000 Series Routers和Virtualized Packet Core System Softw
CVE-2018-0272		Cisco Firepower System Software Secure Sockets Layer引擎资源管理错误漏洞
CVE-2018-0269		Cisco Digital Network Architecture Center 信息泄露漏洞

Showing top 20 of 48 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2018-10230

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2018-10230

I. Basic Information for CVE-2018-10230

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2018-10230

III. Intelligence Information for CVE-2018-10230

Same Patch Batch · n/a · 2018-04-19 · 48 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2018-10230

Leave a comment