- Home
- CVEs with nessus.description==Cross-site scripting (XSS) vulnerability in the mod_negotiation module
in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series,
2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the
1.3.x series allows remote authenticated users to inject arbitrary web
script or HTML by uploading a file with a name containing XSS
sequences and a file extension, which leads to injection within a (1)
'406 Not Acceptable' or (2) '300 Multiple Choices' HTTP response when
the extension is omitted in a request for the file.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top