Description
Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
Remediation
References
Related Vulnerabilities
Telerik Web UI Improper Input Validation Vulnerability (CVE-2017-11357)
Liferay Portal Deserialization of Untrusted Data Vulnerability (CVE-2020-15842)
Payara Files or Directories Accessible to External Parties Vulnerability (CVE-2022-45129)
ZenCart Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2009-4322)
WordPress Plugin User Access Manager Unspecified Vulnerability (1.2.6.9)