Description
ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.
Remediation
References
Related Vulnerabilities
WordPress Plugin The Plus Addons for Elementor Cross-Site Scripting (4.1.11)
WordPress Plugin Zotpress 'zotpress.rss.php' SQL Injection (4.4)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2242)
Moodle Incorrect Authorization Vulnerability (CVE-2020-25701)
PrestaShop Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-19595)