Description
Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
Remediation
References
Related Vulnerabilities
Squid Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-2213)
WordPress Plugin File Uploader Arbitrary File Upload (1.1)
Internet Information Services Other Vulnerability (CVE-2000-0884)
WordPress Plugin Ninja Forms with File Uploads Extension Cross-Site Scripting (3.3.12)
Django Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2014-0472)