This alert was generated using only banner information. It may be a false positive.
Fixed in Apache httpd 2.0.63:
low: mod_proxy_ftp UTF-7 XSS CVE-2008-0005
A workaround was added in the mod_proxy_ftp module. On sites where mod_proxy_ftp is enabled and a forward proxy is configured, a cross-site scripting attack is possible against Web browsers which do not correctly derive the response character set following the rules in RFC 2616.
moderate: mod_status XSS CVE-2007-6388
A flaw was found in the mod_status module. On sites where mod_status is enabled and the status pages were publicly accessible, a cross-site scripting attack is possible. Note that the server-status page is not enabled by default and it is best practice to not make this publicly available.
moderate: mod_imap XSS CVE-2007-5000
A flaw was found in the mod_imap module. On sites where mod_imap is enabled and an imagemap file is publicly available, a cross-site scripting attack is possible.
Affected Apache versions (up to 2.0.62).
- low: mod_proxy_ftp UTF-7 XSS CVE-2008-0005
- Upgrade Apache 2.x to the latest version.
- WordPress Plugin Code Insert Manager (Q2W3 Inc Manager) ZeroClipboard Cross-Site Scripting (2.3.1)
- WordPress Plugin GD bbPress Tools Cross-Site Scripting (1.7)
- WordPress Plugin PhotoSmash Galleries 'action' Parameter Cross-Site Scripting (1.0.2)
- WordPress Plugin StatPressCN 'wp-admin/admin.php' Multiple Cross-Site Scripting Vulnerabilities (1.9.0)
- WordPress Plugin Page Builder by SiteOrigin Cross-Site Scripting (2.0.4)