Description
IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability.
Remediation
References
Related Vulnerabilities
XWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2022-36095)
WordPress Plugin Find My Blocks Information Disclosure (3.3.2)
WordPress Plugin AB Press Optimizer Multiple Cross-Site Scripting Vulnerabilities (1.1.1)
ownCloud Other Vulnerability (CVE-2012-5609)
WordPress Plugin Spam protection, AntiSpam, FireWall by CleanTalk SQL Injection (5.148)