Description
Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
Remediation
References
Related Vulnerabilities
MySQL CVE-2019-2585 Vulnerability (CVE-2019-2585)
WordPress Plugin Kraken.io Image Optimizer Cross-Site Request Forgery (2.6.5)
phpMyAdmin Other Vulnerability (CVE-2004-1055)
WordPress Plugin Postman SMTP Mailer/Email Log Cross-Site Scripting (2.0.0)
phpMyAdmin Improper Input Validation Vulnerability (CVE-2016-6623)