Description

ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.

Remediation

References

CVE-2012-5486

Related Vulnerabilities

WordPress Plugin Social Media Share Buttons & Social Sharing Icons Multiple Unspecified Vulnerabilities (1.2.1)

Roundcube Cross-site Scripting (XSS) Vulnerability (CVE-2015-1433)

OpenSSL Improper Certificate Validation Vulnerability (CVE-2022-1343)

Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-6927)

Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-9581)

Severity

Medium

Classification

CVE-2012-5486

Tags

Missing Update Known Vulnerabilities