Description
Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
Remediation
References
Related Vulnerabilities
Multiple SugarCRM Products Remote Code Execution Vulnerability (CVE-2023-22952)
Drupal Core 9.1.x Multiple Security Bypass Vulnerabilities (9.1.0 - 9.1.12)
WordPress 4.2.x Multiple Vulnerabilities (4.2 - 4.2.33)
WordPress Plugin Arabic Font Multiple Vulnerabilities (1.2)
WordPress Plugin Mail Subscribe List Unspecified Vulnerability (2.0.9)