Description
ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.
Remediation
References
Related Vulnerabilities
WordPress Plugin PHPFreeChat 'url' Parameter Cross-Site Scripting (0.2.8)
Internet Information Services Other Vulnerability (CVE-1999-1233)
Moodle Insufficient Verification of Data Authenticity Vulnerability (CVE-2020-1755)
WordPress Plugin LionScripts:IP Blocker Lite Cross-Site Request Forgery (10.3)
PostgreSQL Out-of-bounds Write Vulnerability (CVE-2015-0242)