Description

mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.

Remediation

References

CVE-2008-0005

Related Vulnerabilities

MySQL CVE-2021-35625 Vulnerability (CVE-2021-35625)

LimeSurvey Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-9960)

WordPress Plugin Markup (JSON-LD) structured in schema.org Cross-Site Scripting (4.8.1)

Python Protection Mechanism Failure Vulnerability (CVE-2016-0772)

WordPress Plugin Interactive Geo Maps Cross-Site Scripting (1.5.8)

Severity

Medium

Classification

CVE-2008-0005 CWE-707

Tags

Missing Update Known Vulnerabilities