Description
Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
Remediation
References
Related Vulnerabilities
Oracle Database Server CVE-2017-10282 Vulnerability (CVE-2017-10282)
WordPress Plugin WP-Live Chat by 3CX Cross-Site Scripting (8.0.17)
WordPress Plugin Advanced Access Manager Unspecified Vulnerability (5.9.8.1)
WordPress Plugin MasterStudy LMS-for Online Courses and Education Information Disclosure (3.2.10)