Description

mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.

Remediation

References

CVE-2008-0005

Related Vulnerabilities

WordPress Plugin Mailing List 'wpabspath' Parameter Remote File Include (1.3.3)

WordPress Plugin Media Library Assistant Multiple Vulnerabilities (2.65)

SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-1032)

PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-1864)

WordPress Plugin Better Messages-Live Chat for WordPress, BuddyPress, BuddyBoss, Ultimate Member Multiple Vulnerabilities (1.9.9.37)

Severity

Medium

Classification

CVE-2008-0005 CWE-707

Tags

Missing Update Known Vulnerabilities