CVE-2014-8069

Multiple cross-site scripting XSS vulnerabilities in YOOtheme Pagekit CMS 0.8.7 allow remote attackers to inject arbitrary web script or HTML via the 1 HTTP Referer header to index.php/user or 2 PATHINFO to index.php...

CVE-2014-5108

Cross-site scripting XSS vulnerability in singlepages\downloadfile.php in concrete5 before 5.6.3 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to index.php/downloadfile...

CVE-2014-5106

Cross-site scripting XSS vulnerability in Invision Power IP.Board aka IPB or Power Board 3.4.x through 3.4.6 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to admin/install/index.php...

Cross site scripting

Cross-site scripting XSS vulnerability in Invision Power IP.Board aka IPB or Power Board 3.4.x through 3.4.6 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to admin/install/index.php...

Cross site scripting

Cross-site scripting XSS vulnerability in singlepages\downloadfile.php in concrete5 before 5.6.3 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to index.php/downloadfile...

CVE-2014-5106

The CVE-2014-5106 entry describes a cross-site scripting (XSS) vulnerability in Invision Power IP.Board (IPB) 3.4.x through 3.4.6. An attacker could inject arbitrary web script or HTML via the HTTP Referer header to admin/install/index.php. This applies to IPB 3.4.x–3.4.6; no exploitation details...

CVE-2014-5108

Cross-site scripting XSS vulnerability in singlepages\downloadfile.php in concrete5 before 5.6.3 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to index.php/downloadfile...

CVE-2014-3894

Cross-site scripting XSS vulnerability in PHP Kobo Multifunctional MailForm Free 2014/1/28 and earlier allows remote attackers to inject arbitrary web script or HTML via an HTTP Referer header...

CVE-2014-3894

Cross-site scripting XSS vulnerability in PHP Kobo Multifunctional MailForm Free 2014/1/28 and earlier allows remote attackers to inject arbitrary web script or HTML via an HTTP Referer header...

CVE-2014-4687

Multiple cross-site scripting XSS vulnerabilities in pfSense before 2.1.4 allow remote attackers to inject arbitrary web script or HTML via 1 the starttime0 parameter to firewallschedule.php, 2 the rssfeed parameter to rss.widget.php, 3 the servicestatusfilter parameter to...

Deerfield VisNetic WebSite 3.5.13 .1 Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6369/info A vulnerability has been discovered in VisNetic Website when generating a 404 page for a non-existent resources. The issue is due to insufficient sanitization of the HTTP 'referer' header. It is possible to caus...

Allegro RomPager < 4.51 HTTP Referer Header XSS Vulnerability

Allegro RomPager is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2013-6786

Cross-site scripting XSS vulnerability in Allegro RomPager before 4.51, as used on the ZyXEL P660HW-D1, Huawei MT882, Sitecom WL-174, TP-LINK TD-8816, and D-Link DSL-2640R and DSL-2641R, when the "forbidden author header" protection mechanism is bypassed, allows remote attackers to inject arbitra...

CVE-2013-6786

CVE-2013-6786 is an XSS vulnerability in Allegro RomPager prior to 4.51 used on ZyXEL P660HW-D1, Huawei MT882, Sitecom WL-174, TP-LINK TD-8816, and D‑Link DSL-2640R/2641R. The flaw arises when the forbidden author header protection is bypassed, allowing remote attackers to inject arbitrary web sc...

CVE-2013-7277

Multiple cross-site scripting XSS vulnerabilities in Andy's PHP Knowledgebase Aphpkb before 0.95.8 allow remote attackers to inject arbitrary web script or HTML via the 1 HTTP Referer header to saa.php, 2 username parameter to login.php, or 3 keywordlist parameter to keysearch.php...

Google Chrome 25.0.1364.152 HTTP Referer Header Faking

Advisory: XMLHttpRequest HTTP Referer Header Faking Author: Liad Mizrachi Vendor URL: http://www.chromium.org/ Vulnerability Status: Fixed Application Version: Google Chrome v25.0.1364.152 ========================== Vulnerability Description ========================== Chromium is the open source...

CVE-2013-3499

GroundWork Monitor Enterprise 6.7.0 performs authentication on the basis of the HTTP Referer header, which allows remote attackers to obtain administrative privileges or access files via a crafted header...

CVE-2013-0708

Cross-site scripting XSS vulnerability in dopvCOMET 0009b allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header, which is not properly handled during display of the access log...

CVE-2013-0709

Cross-site scripting XSS vulnerability in dopvSTAR 0091 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header, which is not properly handled during display of the access log...

Cross site scripting

Cross-site scripting XSS vulnerability in dopvCOMET 0009b allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header, which is not properly handled during display of the access log...