Description
Due to incorrect configuration, the web application discloses a full path to a file with source code, which generated a response, in the "X-SourceFiles" header.
Remediation
Hide X-SourceFiles header
References
Related Vulnerabilities
Atlassian Confluence Stored Cross Site Scripting
Joomla! Core 3.7.x Information Disclosure (3.7.0 - 3.7.5)
Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-7060)
WordPress Plugin All-in-One WP Migration Information Disclosure (7.0)
WordPress Plugin Simple History Information Disclosure (1.0.7)