• Input passed to the "User-Agent" header parameter it isn't properly sanitised before being returned to the user on 404 or 500 error. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
  
  Confirmed in version MX 7. Other versions may also be affected.

• Contact the vendor for further information.

• • CVE-2007-0817
  • Product Homepage

• 

• CVE-2007-0817

• CWE-79

• CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

• Missing Update XSS

• WordPress Plugin Jigoshop Multiple Unspecified Vulnerabilities (1.17.13)
• WordPress Plugin Backup & Restore Dropbox Multiple Vulnerabilities (1.4.7.5)
• Apache 2.0.39 Win32 directory traversal
• WordPress Plugin rtMedia for WordPress, BuddyPress and bbPress Cross-Site Scripting (3.7.38)
• WordPress Plugin PAYPAL CURRENCY CONVERTER BASIC FOR WOOCOMMERCE Arbitrary File Disclosure (1.3)