Description
Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
Remediation
References
Related Vulnerabilities
WordPress Plugin TAuto Poster includes Backdoor [Only if downloaded via the vendor website] (1.4.5)
WordPress Plugin WP Product Review Lite Cross-Site Scripting (3.7.5)
WordPress Plugin Ivory Search-WordPress Search Cross-Site Scripting (4.5.10)
WordPress Plugin Server Status by Hostname/IP SQL Injection (4.6)
WordPress Plugin BP Group Documents Multiple Vulnerabilities (1.2.1)