Description
Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
Remediation
References
Related Vulnerabilities
WordPress Plugin World of Warcraft-Armory Table Cross-Site Scripting (0.2.5)
ATutor Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-12170)
WordPress Plugin Quick Contact Form Multiple Vulnerabilities (8.0.3.1)
WordPress Plugin MiniMax-Page Layout Builder Cross-Site Scripting (1.9.3)
WordPress Plugin YITH WooCommerce Product Add-Ons Security Bypass (1.5.21)