Description
Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
Remediation
References
Related Vulnerabilities
Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-20100)
WordPress Plugin wpForo Forum SQL Injection (2.3.3)
Magento Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-7932)
Moodle Improper Input Validation Vulnerability (CVE-2017-2576)
Apache HTTP Server CVE-2012-0883 Vulnerability (CVE-2012-0883)