Cross site scripting
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dimitar Ivanov HTTP Headers plugin <= 1.18.11 versions...
CVE-2023-37874 WordPress HTTP Headers Plugin <= 1.18.11 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dimitar Ivanov HTTP Headers plugin <= 1.18.11 versions...
CVE-2023-37874
CVE-2023-37874 affects WordPress HTTP Headers plugin versions
CVE-2023-37874 WordPress HTTP Headers Plugin <= 1.18.11 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dimitar Ivanov HTTP Headers plugin <= 1.18.11 versions...
WordPress plugin HTTP Headers cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
User Access Manager < 2.2.18 - IP Spoofing
Description: The plugin prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible for attackers to access restricted content in certain situations. PoC: Set HTTP_X_REAL_IP which is used in checkUserGroupAccess to use an IP from the allowlist...
CVE-2023-29406
A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacke...
Exploit for Code Injection in Citrix Netscaler_Application_Delivery_Controller
cve-2023-3519-citrix-scanner This script is a basic Citrix Sc...
CVE-2022-28734
Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to an out-of-bounds write further when parsing the HTTP request, writing a NULL byte past the buffer. It's...
Design/Logic Flaw
Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to an out-of-bounds write further when parsing the HTTP request, writing a NULL byte past the buffer. It's...
CVE-2022-28734 Out-of-bounds write when handling split HTTP headers
Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to an out-of-bounds write further when parsing the HTTP request, writing a NULL byte past the buffer. It's...
Improper Neutralization Of HTTP Headers
Spring HATEOAS is vulnerable to Improper Neutralization Of HTTP Headers. The vulnerability is due to not sanitizing or stripping the "Forwarded", "X-Forwarded-Host", "X-Forwarded-Port" or "X-Forwarded-Proto" headers. This can allow an attacker to spoof these header values thereby bypassing securi...
CVE-2023-34036
CVE-2023-34036 affects reactive Spring WebFlux applications that use Spring HATEOAS to generate hypermedia links. The root cause is improper handling of forwarded headers (Forwarded, X-Forwarded-Host/Port/Proto) by the application stack, which can allow spoofing if there is no trusted proxy or ad...
PT-2023-5211 · Curl +6
Name of the Vulnerable Software and Affected Versions: curl versions prior to 8.4.0 Description: The issue is related to the handling of HTTP headers by the curl utility. When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl header...
WordPress HTTP Headers Plugin <= 1.18.11 is vulnerable to Server Side Request Forgery (SSRF)
Software: HTTP Headers; Type: Plugin; Vulnerable versions: <= 1.18.11; Fixed in: 1.19.0; OWASP Top 10: A10: Server-Side Request Forgery (SSRF); Classification: Server Side Request Forgery (SSRF); CVE: CVE-2023-37978; Patch priority: Low; CVSS severity: Low (4.4); PSID: 0923ddb0050e; Credits: emad...
CVE-2023-1208
This HTTP Headers WordPress plugin before 1.18.11 allows arbitrary data to be written to arbitrary files, leading to a Remote Code Execution vulnerability...
Remote code execution
This HTTP Headers WordPress plugin before 1.18.11 allows arbitrary data to be written to arbitrary files, leading to a Remote Code Execution vulnerability...
CVE-2023-1208 HTTP Headers < 1.18.11 - Admin+ Remote Code Execution
This HTTP Headers WordPress plugin before 1.18.11 allows arbitrary data to be written to arbitrary files, leading to a Remote Code Execution vulnerability...
CVE-2023-1208 HTTP Headers < 1.18.11 - Admin+ Remote Code Execution
This HTTP Headers WordPress plugin before 1.18.11 allows arbitrary data to be written to arbitrary files, leading to a Remote Code Execution vulnerability...
WordPress HTTP Headers Plugin <= 1.18.11 is vulnerable to Cross Site Scripting (XSS)
Software: HTTP Headers; Type: Plugin; Vulnerable versions: <= 1.18.11; Fixed in: 1.19.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-37874; Patch priority: Low; CVSS severity: Low (5.9); PSID: 9021e283fb63; Credits: emad; Required privilege: Administrator...