Description
Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
Remediation
References
Related Vulnerabilities
WordPress Plugin Spam protection, AntiSpam, FireWall by CleanTalk Cross-Site Scripting (5.136.3)
WordPress Plugin NEX-Forms-The Ultimate WordPress Form Builder Security Bypass (7.8.7)
Joomla! Core 3.3.x Remote File Inclusion (3.3.0 - 3.3.4)
WordPress Plugin FormCraft-Premium WordPress Form Builder Cross-Site Scripting (3.2.31)