439 matches found
CVE-2013-0909
The XSS Auditor in Google Chrome before 25.0.1364.152 allows remote attackers to obtain sensitive HTTP Referer information via unspecified vectors...
Information disclosure
The XSS Auditor in Google Chrome before 25.0.1364.152 allows remote attackers to obtain sensitive HTTP Referer information via unspecified vectors...
CVE-2013-0708
Cross-site scripting (XSS) vulnerability in dopvCOMET 0009b allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header, which is not properly handled during display of the access log...
CVE-2013-0709
Cross-site scripting (XSS) vulnerability in dopvSTAR 0091 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header, which is not properly handled during display of the access log...
Cross site scripting
Cross-site scripting (XSS) vulnerability in dopvSTAR 0091 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header, which is not properly handled during display of the access log...
Cross site scripting
Cross-site scripting (XSS) vulnerability in dopvCOMET 0009b allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header, which is not properly handled during display of the access log...
CVE-2013-0709
CVE-2013-0709 concerns a cross-site scripting (XSS) vulnerability in the dopvSTAR* 0091 product. The issue arises from how the HTTP Referer header is handled during display of the access log, allowing remote attackers to inject arbitrary web script or HTML. The connected JVN entries confirm the a...
CVE-2013-0708
CVE-2013-0708 concerns a cross-site scripting (XSS) vulnerability in dopvCOMET* 0009b, where an attacker can inject arbitrary scripts via the HTTP Referer header during display of the access log. The vulnerability could allow a user’s browser to execute injected code, as indicated by multiple sou...
glFusion 1.2.2 - Multiple Cross-Site Scripting Vulnerabilities
Advisory ID: HTB23142 Product: glFusion Vendor: http://www.glfusion.org/ Vulnerable Versions: 1.2.2 and probably prior Tested Version: 1.2.2 Vendor Notification: January 30, 2013 Vendor Patch: January 30, 2013 Public Disclosure: February 20, 2013 Vulnerability Type: Cross-Site Scripting CWE-79 CV...
glFusion 1.2.2 Cross Site Scripting Vulnerability
glFusion version 1.2.2 suffers from multiple cross site scripting vulnerabilities. Product: glFusion Vendor: http://www.glfusion.org/ Vulnerable Versions: 1.2.2 and probably prior Tested Version: 1.2.2 Vendor Notification: January 30, 2013 Vendor Patch: January 30, 2013 Public Disclosure: Februar...
glFusion 1.2.2 - Multiple Cross-Site Scripting Vulnerabilities
glFusion 1.2.2 - Multiple Cross-Site Scripting Vulnerabilities Advisory ID: HTB23142 Product: glFusion Vendor: http://www.glfusion.org/ Vulnerable Versions: 1.2.2 and probably prior Tested Version: 1.2.2 Vendor Notification: January 30, 2013 Vendor Patch: January 30, 2013 Public Disclosure:...
glFusion 1.2.2 Cross Site Scripting
Advisory ID: HTB23142 Product: glFusion Vendor: http://www.glfusion.org/ Vulnerable Versions: 1.2.2 and probably prior Tested Version: 1.2.2 Vendor Notification: January 30, 2013 Vendor Patch: January 30, 2013 Public Disclosure: February 20, 2013 Vulnerability Type: Cross-Site Scripting CWE-79 CV...
Multiple Cross-Site Scripting (XSS) in glFusion
High-Tech Bridge Security Research Lab discovered multiple XSS vulnerabilities in glFusion, which can be exploited to perform Cross-Site Scripting attacks. glFusion has a "badbehaviour" plugin installed by default that verifies HTTP Referer, aimed to protect against spambots. The plugin also make...
CORS requests can omit the preflight request
Cross-Origin Resource Sharing (CORS) requests are required to send a preflight request if custom headers are included, to check that the host wishes to allow the full request to be made. An example of where this may be needed is for sites that use a custom header with a static value as part of thei...
Cross-Site Scripting (XSS) vulnerability in Quick.Cms and Quick.Cart
Advisory ID: HTB23135 Product: Quick.Cms, Quick.Cart Vendor: OpenSolution team Vulnerable Versions: Quick.Cms 5.0, Quick.Cart 6.0 and probably prior Tested Version: Quick.Cms 5.0, Quick.Cart 6.0 Vendor Notification: December 19, 2012 Vendor Patch: December 20, 2012 Public Disclosure: January 9,...
Cross-Site Scripting (XSS) vulnerability in Quick.Cms and Quick.Cart
High-Tech Bridge Security Research Lab discovered an XSS vulnerability in Quick.Cms and Quick.Cart - two products developed by OpenSolution team, which can be exploited to perform cross-site scripting attacks. 1. Cross-Site Scripting (XSS) vulnerability in Quick.Cms and Quick.Cart: CVE-2012-6430 The...
CVE-2010-5080
The Security/changepassword URL action in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 passes a token as a GET parameter while changing a password through email, which allows remote attackers to obtain sensitive data and hijack the session via the HTTP referer logs on a server, aka "HT...