Description

Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.

Remediation

References

CVE-2004-2115

Related Vulnerabilities

Squid Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-2213)

WordPress Plugin File Uploader Arbitrary File Upload (1.1)

Internet Information Services Other Vulnerability (CVE-2000-0884)

WordPress Plugin Ninja Forms with File Uploads Extension Cross-Site Scripting (3.3.12)

Django Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2014-0472)

Severity

Medium

Classification

CVE-2004-2115

Tags

Missing Update Known Vulnerabilities