Description
Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
Remediation
References
Related Vulnerabilities
WordPress Plugin WordPress Facebook Multiple Cross-Site Scripting Vulnerabilities (1.0.10)
WordPress Plugin WP-OliveCart Multiple Vulnerabilities (3.1.2)
WordPress 4.1.x Multiple Vulnerabilities (4.1 - 4.1.24)
WordPress Plugin Media Library Assistant PHP Object Injection (2.60)
SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17304)