439 matches found

CNNVD
added 2024/09/04 12:0 a.m. | 0 views

ZZCMS Security Vulnerability

ZZCMS is a content management system by the ZZCMS team in China. A cross-site scripting vulnerability exists in ZZCMS caina.php handling HTTPReferer, which can be exploited by a remote attacker to inject malicious script or HTML code, which can be used to obtain sensitive information or hijack us...

CVSS 5.4 | AI score 5.8 | EPSS 0.00245
Exploits 1 | References 2

OSV
added 2024/08/16 8:15 p.m. | 1 view

CVE-2024-43009

A reflected cross-site scripting (XSS) vulnerability exists in user/login.php at line 24 in ZZCMS 2023 and earlier. The application directly inserts the value of the HTTP_REFERER header into the HTML response without proper sanitization. An attacker can exploit this vulnerability by tricking a user...

CVSS 4.7 | AI score 6 | EPSS 0.00265
Exploits 0 | References 2

Github Security Blog
added 2024/07/17 9:31 p.m. | 14 views

Roundup Cross-site Scripting Vulnerability

Roundup before 2.4.0 allows XSS via a SCRIPT element in an HTTP Referer header...

CVSS 5.4 | AI score 5.7 | EPSS 0.00729
Exploits 0 | References 6 | Affected Software 1

OSV
added 2024/07/17 9:31 p.m. | 7 views

GHSA-XJGW-GHRX-WFFF Roundup Cross-site Scripting Vulnerability

Roundup before 2.4.0 allows XSS via a SCRIPT element in an HTTP Referer header...

CVSS 6.1 | AI score 5 | EPSS 0.00729
Exploits 0 | References 6

OSV
added 2024/07/17 8:15 p.m. | 10 views

CVE-2024-39125

Roundup before 2.4.0 allows XSS via a SCRIPT element in an HTTP Referer header...

CVSS 5.4 | AI score 5.6 | EPSS 0.00729
Exploits 0 | References 2

NVD
added 2024/07/17 8:15 p.m. | 11 views

CVE-2024-39125

Roundup before 2.4.0 allows XSS via a SCRIPT element in an HTTP Referer header...

CVSS 5.4 | EPSS 0.00729
Exploits 0 | References 2

UbuntuCve
added 2024/07/17 8:15 p.m. | 13 views

CVE-2024-39125

Roundup before 2.4.0 allows XSS via a SCRIPT element in an HTTP Referer header...

CVSS 5.4 | AI score 5.9 | EPSS 0.00729
Exploits 0 | References 3

OSV
added 2024/07/17 8:15 p.m. | 7 views

PYSEC-2024-64

Roundup before 2.4.0 allows XSS via a SCRIPT element in an HTTP Referer header...

CVSS 5.4 | AI score 5.4 | EPSS 0.00729
Exploits 0 | References 2

Vulnrichment
added 2024/07/17 12:0 a.m. | 11 views

CVE-2024-39125

Roundup before 2.4.0 allows XSS via a SCRIPT element in an HTTP Referer header...

AI score 5.9 | EPSS 0.00729
Exploits 0 | References 2

Positive Technologies
added 2024/05/31 12:0 a.m. | 2 views

PT-2024-25627 · Moodle +2

Name of the Vulnerable Software and Affected Versions: Moodle (affected versions not specified). Description: The issue arises from the unsafe direct use of the HTTP REFERER variable in the admin/tool/mfa/index.php file. Specifically, the referrer URL used by Multi-Factor Authentication (MFA) required...

CVSS 9.8 | AI score 5.6 | EPSS 0.01399
Exploits 1 | References 48

NVD
added 2024/05/23 10:15 p.m. | 12 views

CVE-2024-5293

D-Link DIR-2640 HTTP Referer Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640-US routers. Authentication is not required to exploit this vulnerability. The...

CVSS 8.8 | AI score 9.1 | EPSS 0.01278
Exploits 0 | References 1

ATTACKERKB
added 2024/05/03 3:15 a.m. | 1 view

CVE-2023-41229

D-Link DIR-3040 HTTP Request Processing Referer Heap-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is not required to exploit this...

CVSS 8.8 | AI score 7.9 | EPSS 0.00517
Exploits 0 | References 3 | Affected Software 1

OSV
added 2023/12/06 5:15 a.m. | 1 view

CVE-2023-6527

The Email Subscription Popup plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the HTTP_REFERER header in all versions up to, and including, 1.2.18 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVSS 6.1 | AI score 7.4
Exploits 0 | References 2

Tenable Nessus
added 2023/08/03 12:0 a.m. | 21 views

Siemens SCALANCE X-200RNA Switch Devices Exposure of Sensitive Information to an Unauthorized Actor (CVE-2022-46355)

A vulnerability has been identified in SCALANCE X204RNA HSR All versions V3.2.7, SCALANCE X204RNA PRP All versions V3.2.7, SCALANCE X204RNA EEC HSR All versions V3.2.7, SCALANCE X204RNA EEC PRP All versions V3.2.7, SCALANCE X204RNA EEC PRP/HSR All versions V3.2.7. The affected products are...

CVSS 7.5 | AI score 7.1 | EPSS 0.00402
Exploits 0 | References 3

NVD
added 2022/12/13 4:15 p.m. | 14 views

CVE-2022-46355

A vulnerability has been identified in SCALANCE X204RNA HSR All versions V3.2.7, SCALANCE X204RNA PRP All versions V3.2.7, SCALANCE X204RNA EEC HSR All versions V3.2.7, SCALANCE X204RNA EEC PRP All versions V3.2.7, SCALANCE X204RNA EEC PRP/HSR All versions V3.2.7. The affected products are...

CVSS 7.5 | EPSS 0.00402
Exploits 0 | References 1

Prion
added 2022/12/13 4:15 p.m. | 13 views

Design/Logic Flaw

A vulnerability has been identified in SCALANCE X204RNA HSR All versions V3.2.7, SCALANCE X204RNA PRP All versions V3.2.7, SCALANCE X204RNA EEC HSR All versions V3.2.7, SCALANCE X204RNA EEC PRP All versions V3.2.7, SCALANCE X204RNA EEC PRP/HSR All versions V3.2.7. The affected products are...

CVSS 5 | AI score 7.8 | EPSS 0.00402
Exploits 0 | References 1 | Affected Software 5

Vulnrichment
added 2022/12/13 12:0 a.m. | 5 views

CVE-2022-46355

A vulnerability has been identified in SCALANCE X204RNA HSR All versions V3.2.7, SCALANCE X204RNA PRP All versions V3.2.7, SCALANCE X204RNA EEC HSR All versions V3.2.7, SCALANCE X204RNA EEC PRP All versions V3.2.7, SCALANCE X204RNA EEC PRP/HSR All versions V3.2.7. The affected products are...

AI score 7.5 | EPSS 0.00402
Exploits 0 | References 1

wpexploit
added 2022/06/06 12:0 a.m. | 144 views

miniOrange's Google Authenticator < 5.5.6 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example in multisite setup). Enable 2FA + Website Security and put...

CVSS 4.8 | AI score 0.4 | EPSS 0.00393
Exploits 2

wpexploit
added 2022/06/06 12:0 a.m. | 120 views

Limit Login Attempts < 4.0.72 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example in multisite setup). Put the following payload in the...

CVSS 4.8 | AI score 0.7 | EPSS 0.00185
Exploits 2

OSV
added 2022/05/13 1:12 a.m. | 16 views

GHSA-2HW2-H3MF-C2J9 Moodle open redirect vulnerability

Open redirect vulnerability in the clean_param function in lib/moodlelib.php in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving an HTTP Referer...

CVSS 7.4 | AI score 7.1 | EPSS 0.00347
Exploits 0 | References 10