Description
Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
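The precondition named above is a server-generated HTML page whose charset is not defined, which leaves the browser to guess the encoding. The following check is an added example, not part of the original advisory or of Apache: it classifies HTTP response header blocks and flags HTML responses that declare no charset or declare UTF-7. The function names, finding codes and sample header blocks are constructed for illustration.

```python
from email import message_from_string

# Charset labels that select UTF-7 decoding if a client honours them.
UNSAFE_CHARSETS = {"utf-7", "unicode-1-1-utf-7"}


def charset_finding(raw_headers):
    """Classify one HTTP response header block.

    Returns None when the response is not HTML or declares a charset,
    otherwise a short finding code (names are hypothetical).
    """
    lines = raw_headers.replace("\r\n", "\n").strip().split("\n")
    if lines and lines[0].upper().startswith("HTTP/"):
        lines = lines[1:]  # the status line is not a header field
    msg = message_from_string("\n".join(lines) + "\n\n")
    if msg.get("Content-Type") is None:
        return "no-content-type"       # browser must sniff type and charset
    if msg.get_content_type() != "text/html":
        return None                    # only HTML pages are in scope here
    charset = msg.get_content_charset()  # lower-cased, or None if absent
    if charset is None:
        return "html-without-charset"  # the condition the advisory describes
    if charset in UNSAFE_CHARSETS:
        return "utf7-declared"
    return None


def audit(responses):
    """Map each URL to its finding, omitting responses with no finding."""
    findings = {}
    for url, raw in responses.items():
        finding = charset_finding(raw)
        if finding is not None:
            findings[url] = finding
    return findings


# Constructed sample responses (header blocks only), not captured traffic.
SAMPLES = {
    "http://example.test/files/": "HTTP/1.1 200 OK\r\nServer: Apache\r\nContent-Type: text/html\r\n",
    "http://example.test/docs/": "HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=ISO-8859-1\r\n",
    "http://example.test/old/": "HTTP/1.1 200 OK\r\nContent-Type: TEXT/HTML; charset=UTF-7\r\n",
    "http://example.test/logo.png": "HTTP/1.1 200 OK\r\nContent-Type: image/png\r\n",
    "http://example.test/raw/": "HTTP/1.1 200 OK\r\nServer: Apache\r\n",
}

if __name__ == "__main__":
    for url, finding in audit(SAMPLES).items():
        print(f"{finding:22} {url}")
```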