A cross-site scripting (XSS) vulnerability has been discovered in the Apache httpd server’s mod_imap module which allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.

Input passed to the image map “Referer” directive in “mod_imap” isn’t properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site.

The vulnerability has been reported in versions 1.3.0 through 1.3.34, and versions 2.0.35 through 2.0.55.

The vulnerability has been fixed in versions 1.3.35-dev and 2.0.56-dev.


It affects pretty much all platforms as far as I could check.