Description
ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.
Remediation
References
Related Vulnerabilities
WordPress Plugin Gallery for Social Photo Cross-Site Request Forgery (1.0.0.27)
Seo Panel Observable Discrepancy Vulnerability (CVE-2024-22647)
MySQL Other Vulnerability (CVE-2010-3839)
Ruby on Rails Improper Access Control Vulnerability (CVE-2016-6317)
WordPress Plugin Event Organiser Cross-Site Scripting (2.12.4)