Description
Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
Remediation
References
Related Vulnerabilities
WordPress Plugin Bind Users to Taxonomy Cross-Site Scripting (0.3)
WordPress 4.4.x Cross-Domain Flash Injection Vulnerability (4.4 - 4.4.13)
WordPress Plugin HandL UTM Grabber Security Bypass (2.6.4)
WordPress Plugin Thrive Comments Security Bypass (1.4.15.2)
WordPress Plugin Admin Management Xtended Privilege Escalation (2.4.0)