Interchange is prone to an HTTP response-splitting vulnerability. Attackers can leverage this issue to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into a false sense of trust. Interchange versions prior to 5.6.3 and 5.4.5 are vulnerable.
This issue has been addressed in Interchange 5.4.5 and 5.6.3.
- phpGraphy 'theme_dir' Parameter Cross Site Scripting Vulnerability
- Bitweaver Multiple Cross-Site Scripting Vulnerabilities
- net2ftp Multiple Cross-Site Scripting Vulnerabilities
- ownCloud Multiple Cross Site Scripting Vulnerabilities -03 May14
- Alpha Networks ADSL2/2+ Wireless Router version ASL-26555 Password Information Disclosure Vulnerability