Description
Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Favorite Posts Cross-Site Scripting (1.6.5)
Joomla! Core 3.x.x Multiple Cross-Site Scripting Vulnerabilities (3.0.0 - 3.9.3)
WordPress Plugin 1 Flash Gallery Cross-Site Scripting and SQL Injection Vulnerabilities (0.2.5)
WordPress Plugin One Click Upsell Funnel for WooCommerce Unspecified Vulnerability (2.0.0)
WordPress Plugin Affiliates Manager Unspecified Vulnerability (2.7.7)