Description
Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
Remediation
References
Related Vulnerabilities
Drupal Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2008-3743)
XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-37909)
WordPress Plugin Extensive VC Addons for WPBakery page builder Local File Inclusion (1.9)
PHP Other Vulnerability (CVE-2007-1900)
OpenSSL Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-3207)