Cross-site Scripting (XSS) - Stored in forkcms/forkcms
✍️ Description forkcms is vulnerable to XSS through the search request: it is possible to set the HTTP Referer header to javascript:. 🕵️♂️ Proof of Concept Execute the following command against localhost: shell curl -H 'Referer: javascript:alert'...
Fedora 33 : curl (2021-cab5c9befb)
The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-cab5c9befb advisory. - curl 7.1.1 to and including 7.75.0 is vulnerable to an Exposure of Private Personal Information to an Unauthorized Actor by leaking credentials in...
Cross site request forgery (csrf)
curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header...
CVE-2021-22876
curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header...
CVE-2021-22876
The Connected documents confirm CVE-2021-22876 affects curl/libcurl 7.1.1 through 7.75.0, where libcurl fails to remove user credentials from URLs when populating the Referer header, leading to leakage of credentials to the server of the second request. The root cause is improper handling of cred...
PT-2021-4570 · Curl +9
Name of the Vulnerable Software and Affected Versions: curl versions 7.1.1 through 7.75.0 Description: The issue is related to the exposure of private personal information to an unauthorized actor by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from...
CVE-2020-25786
webinc/js/info.php on D-Link DIR-816L 2.06.B09BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding except in Internet...
CVE-2020-25786
CVE-2020-25786 affects D-Link DIR-816L (2.06.B09_BETA) and DIR-803 (1.04.B02). A flaw in webinc/js/info.php allows XSS via the HTTP Referer header . Public notes: affected products are no longer supported by the maintainer; exploitability is typically limited due to URL encoding (except in Intern...
PT-2020-16206 · D Link +1 · D-Link Dir-816L +2
Name of the Vulnerable Software and Affected Versions: D-Link DIR-816L version 2.06.B09 BETA D-Link DIR-803 version 1.04.B02 Description: The issue allows for XSS via the HTTP Referer header in the webinc/js/info.php file. This typically is not exploitable due to URL encoding, except in Internet...
CVE-2020-9016
Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header...
Design/Logic Flaw
Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header...
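The two failure modes listed above are the two sides of one header. The CVE-2021-22876 entries describe a client that copies the previous URL, credentials included, into Referer: when following a redirect; the forkcms, D-Link and Dolibarr entries describe servers that reflect whatever Referer: they receive into a page. The example below is added here and is not code from curl, Fork CMS, D-Link or Dolibarr: it shows, in Python, a client-side referer builder that drops userinfo and fragment the way the fixed libcurl does, the leaky pre-fix behaviour beside it, and a server-side helper that only reflects a parsed http(s) Referer after HTML-escaping it. The sample URLs, the function names and the "Back" link markup are constructed for illustration.

```python
from html import escape
from typing import Optional
from urllib.parse import urlsplit, urlunsplit

# Constructed sample: first hop of a redirect chain, carrying basic-auth
# credentials in the URL userinfo and a fragment that should never be sent.
LEAKY_FIRST_URL = "https://user:s3cret@origin.example/path?q=1#frag"


def _authority(parts) -> str:
    """Host[:port] only, with userinfo removed (IPv6 hosts re-bracketed)."""
    host = parts.hostname or ""
    if ":" in host:
        host = f"[{host}]"
    if parts.port is not None:
        host = f"{host}:{parts.port}"
    return host


def leaky_referer(url: str) -> str:
    """Pre-fix behaviour as described in the CVE-2021-22876 entries above:
    the whole previous URL, credentials included, becomes the Referer value."""
    parts = urlsplit(url)
    return urlunsplit((parts.scheme, parts.netloc, parts.path or "/", parts.query, ""))


def referer_from_url(url: str) -> Optional[str]:
    """Post-fix behaviour: userinfo and fragment are stripped before the URL is
    used as Referer. Non-http(s) origins get no Referer at all (None)."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return None
    return urlunsplit((parts.scheme, _authority(parts), parts.path or "/", parts.query, ""))


def render_back_link(referer_header: Optional[str], fallback: str = "/") -> str:
    """Server-side counterpart for the XSS-via-Referer entries: reflect the
    Referer only if it parses as http(s) with a host, and HTML-escape it so a
    quote in the value cannot break out of the href attribute. A value such as
    'javascript:alert(1)' or an empty header falls back to a fixed link."""
    value = (referer_header or "").strip()
    if not value:
        return f'<a href="{escape(fallback, quote=True)}">Back</a>'
    parts = urlsplit(value)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return f'<a href="{escape(fallback, quote=True)}">Back</a>'
    return f'<a href="{escape(value, quote=True)}">Back</a>'


if __name__ == "__main__":
    print("leaky :", leaky_referer(LEAKY_FIRST_URL))
    print("fixed :", referer_from_url(LEAKY_FIRST_URL))
    print(render_back_link("javascript:alert"))
    print(render_back_link('https://a.example/" onmouseover="alert(1)'))
```

The client-side check is the one to run against any HTTP library that auto-populates Referer (curl's CURLOPT_AUTOREFERER, browser fetch layers, SDK redirect handlers): feed it a URL with userinfo and a redirect, and confirm the second request's Referer matches the stripped form, not the leaky one. On the server side, rejecting non-http(s) schemes before escaping matters because escaping alone leaves a `javascript:` URL intact inside an href.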
CVE-2019-5990
Access analysis CGI An-Analyzer released on 2019 June 24 and earlier allows remote attackers to obtain a login password via the HTTP Referer header...
CVE-2019-5990
CVE-2019-5990 concerns Access analysis CGI An-Analyzer (ANGLERSNET). The connected records confirm an information-disclosure flaw where remote attackers can obtain a login password via HTTP Referer, affecting releases up to 2019-06-24. Reported by JVN/NVD/RH, the vulnerability targets the Informa...