Description

mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.

Remediation

References

CVE-2008-0005

Related Vulnerabilities

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-27957)

WordPress Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') Vulnerability (CVE-2016-10033)

Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-17578)

WordPress 4.7.x Multiple Vulnerabilities (4.7 - 4.7.9)

MyBB Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-2324)

Severity

Medium

Classification

CVE-2008-0005 CWE-707

Tags

Missing Update Known Vulnerabilities