Description
nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
Remediation
References
Related Vulnerabilities
OpenVPN AS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-2061)
Jenkins Incorrect Authorization Vulnerability (CVE-2017-2611)
WordPress Plugin Vospari Forms Cross-Site Scripting (1.3)
WordPress Plugin BezahlCode-Generator 'gen_name' Parameter Cross-Site Scripting (1.0)