Description
In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.
Remediation
References
Related Vulnerabilities
WordPress Plugin Canto Multiple Server-Side Request Forgery Vulnerabilities (1.7.0)
MySQL CVE-2022-21279 Vulnerability (CVE-2022-21279)
Apache Tomcat Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-0119)
WordPress Plugin A Page Flip Book 'pageflipbook_language' Parameter Local File Include (2.3)
Jboss EAP Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2014-3518)