797 matches found

Cvelist
added 2025/10/30 5:39 p.m., 6 views

CVE-2025-64115 Movary unvalidated Referer header allows open redirect and phishing

Movary is a web application to track, rate and explore your movie watch history. Versions up to and including 0.68.0 use the HTTP Referer header value directly for redirects in multiple settings endpoints, allowing a crafted link to cause an open redirect to an attacker-controlled site and...

CVSS 5.1 | EPSS 0.00038
Exploits 1 | References 3

CVE
added 2025/10/30 5:39 p.m., 8 views

CVE-2025-64115

Summary: Movary (web application) prior to 0.69.0 is affected by an open redirect in multiple settings endpoints that directly used the HTTP Referer header for redirects (versions up to and including 0.68.0). This can enable phishing via crafted links to attacker‑controlled sites. Affected compon...

CVSS 6.1 | AI score 6.2 | EPSS 0.00038
Exploits 1 | References 3 | Affected Software 1

EUVD
added 2025/10/30 5:39 p.m., 3 views

EUVD-2025-37040

Movary is a web application to track, rate and explore your movie watch history. Versions up to and including 0.68.0 use the HTTP Referer header value directly for redirects in multiple settings endpoints, allowing a crafted link to cause an open redirect to an attacker-controlled site and...

CVSS 5.1 | AI score 6.1 | EPSS 0.00038
Exploits 1 | References 3

Positive Technologies
added 2025/10/30 12:0 a.m., 3 views

PT-2025-44442

Name of the Vulnerable Software and Affected Versions Movary versions prior to 0.69.0 Description Movary, a web application for tracking movie watch history, is susceptible to an open redirect issue. Versions up to and including 0.68.0 directly utilize the HTTP Referer header value for redirects...

CVSS 5.1 | AI score 6.4 | EPSS 0.00038
Exploits 1 | References 7

CNNVD
added 2025/10/30 12:0 a.m., 2 views

Movary input validation error vulnerability

Movary is a movie review program by Lee Peuker Personal Developer. An input validation error vulnerability exists in Movary 0.68.0 and prior versions that stems from a direct redirection using the HTTP Referer header value, which could lead to open redirection attacks and phishing attacks...

CVSS 6.1 | AI score 6.5 | EPSS 0.00038
Exploits 1 | References 3

RedhatCVE
added 2025/10/28 1:49 p.m., 3 views

CVE-2025-41384

Cross-Site Scripting XSS vulnerability reflected in SuiteCRM v7.14.1. This vulnerability allows an attacker to execute JavaScript code by modifying the HTTP Referer header to include an arbitrary domain with malicious JavaScript code at the end. The server will attempt to block the arbitrary doma...

CVSS 6.1 | AI score 6.2 | EPSS 0.00025
Exploits 0 | References 1

NVD
added 2025/10/27 1:15 p.m., 2 views

CVE-2025-41384

Cross-Site Scripting XSS vulnerability reflected in SuiteCRM v7.14.1. This vulnerability allows an attacker to execute JavaScript code by modifying the HTTP Referer header to include an arbitrary domain with malicious JavaScript code at the end. The server will attempt to block the arbitrary doma...

CVSS 6.1 | EPSS 0.00025
Exploits 0 | References 1

OSV
added 2025/10/27 1:15 p.m., 1 view

CVE-2025-41384

Cross-Site Scripting XSS vulnerability reflected in SuiteCRM v7.14.1. This vulnerability allows an attacker to execute JavaScript code by modifying the HTTP Referer header to include an arbitrary domain with malicious JavaScript code at the end. The server will attempt to block the arbitrary doma...

CVSS 6.1 | AI score 6.3
Exploits 0 | References 1

Vulnrichment
added 2025/10/27 12:53 p.m., 3 views

CVE-2025-41384 Reflected Cross-Site Scripting (XSS) in SuiteCRM

Cross-Site Scripting XSS vulnerability reflected in SuiteCRM v7.14.1. This vulnerability allows an attacker to execute JavaScript code by modifying the HTTP Referer header to include an arbitrary domain with malicious JavaScript code at the end. The server will attempt to block the arbitrary doma...

CVSS 5.1 | AI score 5.8 | EPSS 0.00025
Exploits 0 | References 1

Cvelist
added 2025/10/27 12:53 p.m., 5 views

CVE-2025-41384 Reflected Cross-Site Scripting (XSS) in SuiteCRM

Cross-Site Scripting XSS vulnerability reflected in SuiteCRM v7.14.1. This vulnerability allows an attacker to execute JavaScript code by modifying the HTTP Referer header to include an arbitrary domain with malicious JavaScript code at the end. The server will attempt to block the arbitrary doma...

CVSS 5.1 | EPSS 0.00025
Exploits 0 | References 1

EUVD
added 2025/10/27 12:53 p.m., 3 views

EUVD-2025-36178

Cross-Site Scripting XSS vulnerability reflected in SuiteCRM v7.14.1. This vulnerability allows an attacker to execute JavaScript code by modifying the HTTP Referer header to include an arbitrary domain with malicious JavaScript code at the end. The server will attempt to block the arbitrary doma...

CVSS 5.1 | AI score 5.7 | EPSS 0.00025
Exploits 0 | References 2

CVE
added 2025/10/27 12:53 p.m., 6 views

CVE-2025-41384

CVE-2025-41384 is a reflected Cross-Site Scripting (XSS) vulnerability in SuiteCRM v7.14.1. The issue occurs when an attacker injects JavaScript by manipulating the HTTP Referer header; the server attempts to block the domain but still allows the malicious code to execute in the user’s context. M...

CVSS 6.1 | AI score 5.8 | EPSS 0.00025
Exploits 0 | References 1 | Affected Software 1

CNNVD
added 2025/10/27 12:0 a.m., 2 views

SuiteCRM cross-site scripting vulnerability

SuiteCRM is a customer relationship management system from the SuiteCRM team. A cross-site scripting vulnerability exists in SuiteCRM version 7.14.1 that stems from malicious JavaScript code in the HTTP Referer header that is not properly filtered, which could lead to a reflected cross-site...

CVSS 6.1 | AI score 6 | EPSS 0.00025
Exploits 0 | References 1

Positive Technologies
added 2025/10/27 12:0 a.m., 4 views

PT-2025-43950

Name of the Vulnerable Software and Affected Versions SuiteCRM version 7.14.1 Description A Cross-Site Scripting XSS issue exists where an attacker can execute JavaScript code. This is achieved by manipulating the HTTP Referer header to include a malicious domain containing JavaScript code. The...

CVSS 6.1 | AI score 6.2 | EPSS 0.00025
Exploits 0 | References 5

RedhatCVE
added 2025/10/26 6:36 a.m., 5 views

CVE-2025-11238

The Watu Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTTP Referer header in versions less than, or equal to, 3.4.4 due to insufficient input sanitization and output escaping when the "Save source URL" option is enabled. This makes it possible for unauthenticated...

CVSS 7.2 | AI score 5.4 | EPSS 0.00145
Exploits 0 | References 1

NVD
added 2025/10/25 6:15 a.m., 2 views

CVE-2025-11238

The Watu Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTTP Referer header in versions less than, or equal to, 3.4.4 due to insufficient input sanitization and output escaping when the "Save source URL" option is enabled. This makes it possible for unauthenticated...

CVSS 7.2 | EPSS 0.00145
Exploits 0 | References 2

CVE
added 2025/10/25 5:31 a.m., 14 views

CVE-2025-11238

CVE-2025-11238 concerns the WordPress plug‑in Watu Quiz. The vulnerability is a Stored Cross‑Site Scripting flaw triggered by the HTTP Referer header due to insufficient input sanitization and output escaping when the “Save source URL” option is enabled. Affected versions are those less than or e...

CVSS 7.2 | AI score 5.1 | EPSS 0.00145
Exploits 0 | References 2

Vulnrichment
added 2025/10/25 5:31 a.m., 1 view

CVE-2025-11238 Watu Quiz <= 3.4.4 - Unauthenticated Stored Cross-Site Scripting via HTTP Referer

The Watu Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTTP Referer header in versions less than, or equal to, 3.4.4 due to insufficient input sanitization and output escaping when the "Save source URL" option is enabled. This makes it possible for unauthenticated...

CVSS 7.2 | AI score 5 | EPSS 0.00145
Exploits 0 | References 2

EUVD
added 2025/10/25 5:31 a.m., 2 views

EUVD-2025-35904

The Watu Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTTP Referer header in versions less than, or equal to, 3.4.4 due to insufficient input sanitization and output escaping when the "Save source URL" option is enabled. This makes it possible for unauthenticated...

CVSS 7.2 | AI score 5 | EPSS 0.00145
Exploits 0 | References 3

Cvelist
added 2025/10/25 5:31 a.m., 5 views

CVE-2025-11238 Watu Quiz <= 3.4.4 - Unauthenticated Stored Cross-Site Scripting via HTTP Referer

The Watu Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTTP Referer header in versions less than, or equal to, 3.4.4 due to insufficient input sanitization and output escaping when the "Save source URL" option is enabled. This makes it possible for unauthenticated...

CVSS 7.2 | EPSS 0.00145
Exploits 0 | References 2