166 matches found
BIT-DOLIBARR-2020-9016
Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header...
CVE-2024-43009
A reflected cross-site scripting (XSS) vulnerability exists in user/login.php at line 24 in ZZCMS 2023 and earlier. The application directly inserts the value of the HTTP_REFERER header into the HTML response without proper sanitization. An attacker can exploit this vulnerability by tricking a user...
CVE-2023-6527
The Email Subscription Popup plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the HTTP_REFERER header in all versions up to, and including, 1.2.18 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
GHSA-2HW2-H3MF-C2J9 Moodle open redirect vulnerability
Open redirect vulnerability in the clean_param function in lib/moodlelib.php in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving an HTTP Referer...
SRC-2021-0022 : Dedecms ShowMsg Template Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dedecms. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the rendering templates. The issue results from the lac...
SUSE SLES11 Security Update : curl (SUSE-SU-2021:14707-1)
The remote SUSE Linux SLES11 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:14707-1 advisory. - curl 7.1.1 to and including 7.75.0 is vulnerable to an Exposure of Private Personal Information to an Unauthorized Actor by leaking credentials in t...
GHSA-GC45-J3M5-8QFQ Server-Side Request Forgery in Feehi CMS
Feehi CMS 2.1.1 is affected by a Server-side request forgery (SSRF) vulnerability. When the user modifies the HTTP Referer header to any URL, the server can make a request to it...
CVE-2021-30108
Feehi CMS 2.1.1 is affected by a Server-side request forgery (SSRF) vulnerability. When the user modifies the HTTP Referer header to any URL, the server can make a request to it...
Server side request forgery (ssrf)
Feehi CMS 2.1.1 is affected by a Server-side request forgery (SSRF) vulnerability. When the user modifies the HTTP Referer header to any URL, the server can make a request to it...
CVE-2021-22876
curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header...
CVE-2020-25786
webinc/js/info.php on D-Link DIR-816L 2.06.B09BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding except in Internet...
CVE-2020-9016
Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header...
Design/Logic Flaw
Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header...
CVE-2018-10727
Reflected Cross-Site Scripting (XSS) vulnerability in the fabrik_referrer hidden field in the Fabrikar Fabrik component through v3.8.1 for Joomla! allows remote attackers to inject arbitrary web script via the HTTP Referer header...
Cross site scripting
Reflected Cross-Site Scripting (XSS) vulnerability in the fabrik_referrer hidden field in the Fabrikar Fabrik component through v3.8.1 for Joomla! allows remote attackers to inject arbitrary web script via the HTTP Referer header...
CVE-2019-6726
The WP Fastest Cache plugin through 0.8.9.0 for WordPress allows remote attackers to delete arbitrary files because wp_postratings_clear_fastest_cache and rm_folder_recursively in wpFastestCache.php mishandle ../ in an HTTP Referer header...
Cross site scripting
EmpireCMS 7.5.0 has XSS via the HTTP Referer header to e/member/doaction.php...
CVE-2019-12362
EmpireCMS 7.5.0 has XSS via the HTTP Referer header to e/member/doaction.php...