Description
Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
Remediation
References
Related Vulnerabilities
WordPress Plugin Bookmarkify Multiple Vulnerabilities (2.9.2)
WordPress Plugin weForms-Easy Drag & Drop Contact Form Builder Unspecified Vulnerability (1.5.3)
Trac Incorrect Default Permissions Vulnerability (CVE-2010-5108)
OpenSSL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-0701)