Description
Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
Remediation
References
Related Vulnerabilities
WordPress Plugin WordPress Email Template Designer-WP HTML Mail HTML Injection (2.9.0.3)
MySQL CVE-2024-21171 Vulnerability (CVE-2024-21171)
PostgreSQL Other Vulnerability (CVE-2005-1409)
Ruby Resource Management Errors Vulnerability (CVE-2014-6438)
WordPress Plugin Login rebuilder Cross-Site Request Forgery (1.1.3)