Description
Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
Remediation
References
Related Vulnerabilities
WordPress Plugin Jayj Quicktag Multiple Vulnerabilities (1.3.1)
WordPress Plugin Login/Signup Popup (Inline Form + Woocommerce) Cross-Site Scripting (1.4)
WordPress Plugin Order Export & Order Import for WooCommerce Cross-Site Request Forgery (1.6.0)
WordPress Plugin Add From Server Cross-Site Request Forgery (3.3.1)