797 matches found
PT-2024-28105 · WordPress · Ninja Forms Contact Form
Name of the Vulnerable Software and Affected Versions: Ninja Forms Contact Form plugin for WordPress versions up to, and including, 3.8.15 Description: The issue is related to Reflected Self-Based Cross-Site Scripting via the 'Referer' header due to insufficient input sanitization and output...
PT-2024-20861 · Unknown · 3Dsecure 2.0
Name of the Vulnerable Software and Affected Versions: 3DSecure 2.0 version 3DS Authorization Method Description: A Cross-Site Request Forgery (CSRF) issue was identified in the Authorization Method of 3DSecure 2.0, allowing for potential exploitation via modified Origin and Referer HTTP headers...
CVE-2024-44818
Cross Site Scripting vulnerability in ZZCMS v.2023 and before allows a remote attacker to obtain sensitive information via the HTTP_Referer header of the caina.php component...
PT-2024-31265 · Zzcms · Zzcms
Name of the Vulnerable Software and Affected Versions: ZZCMS versions 2023 and earlier Description: The issue allows a remote attacker to obtain sensitive information via the HTTP Referer header of the caina.php component. This is a Cross Site Scripting vulnerability, which enables the attacker t...
CVE-2024-43009
A reflected cross-site scripting (XSS) vulnerability exists in user/login.php at line 24 in ZZCMS 2023 and earlier. The application directly inserts the value of the HTTP_REFERER header into the HTML response without proper sanitization. An attacker can exploit this vulnerability by tricking a user...
PT-2024-30253 · Zzcms · Zzcms
Name of the Vulnerable Software and Affected Versions: ZZCMS versions 2023 and earlier Description: A reflected cross-site scripting (XSS) issue exists due to the direct insertion of the HTTP REFERER header value into the HTML response without proper sanitization in the user/login.php file at line...
ZZCMS security vulnerability
ZZCMS is a content management system (CMS) by the ZZCMS team in China. A cross-site scripting vulnerability exists in ZZCMS v2023 and earlier versions, which stems from incorrect HTTP_REFERER header handling, and can be exploited by an attacker to execute malicious scripts via specially crafted URLs...
Cross-site Scripting (XSS)
Roundup is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper handling of the HTTP Referer header, allowing a SCRIPT element to be executed...
PYSEC-2024-64
Roundup before 2.4.0 allows XSS via a SCRIPT element in an HTTP Referer header...
UBUNTU-CVE-2024-39125
Roundup before 2.4.0 allows XSS via a SCRIPT element in an HTTP Referer header...
CVE-2024-39125
Roundup before 2.4.0 allows XSS via a SCRIPT element in an HTTP Referer header...
PT-2024-28355 · Roundup · Roundup
Name of the Vulnerable Software and Affected Versions: Roundup versions prior to 2.4.0 Description: The issue allows for cross-site scripting (XSS) via a SCRIPT element in an HTTP Referer header. Recommendations: For versions prior to 2.4.0, update to version 2.4.0 or later to resolve the issue...
CVE-2024-5687
If a specific sequence of actions is performed when opening a new tab, the triggering principal associated with the new tab may have been incorrect. The triggering principal is used to calculate many values, including the Referer and Sec-* headers, meaning there is the potential for incorrect...
VulnCheck KEV: CVE-2023-6961
The WP Meta SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Referer header in all versions up to, and including, 4.5.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
CVE-2023-6961
The WP Meta SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Referer’ header in all versions up to, and including, 4.5.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts ...
CVE-2023-6961
CVE-2023-6961 : The WP Meta SEO WordPress plugin is affected by an unauthenticated Stored Cross-Site Scripting (XSS) via the Referer header in all versions up to 4.5.12 due to insufficient input sanitization and output escaping. Exploitation allows an attacker to inject scripts that execute in a ...
WordPress plugin WP Meta SEO security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress WP Meta SEO plugin <= 4.5.12 - Unauthenticated Stored Cross-Site Scripting via Referer header vulnerability
Unauthenticated Stored Cross-Site Scripting via Referer header vulnerability discovered by Krzysztof Zając in WordPress Plugin WP Meta SEO versions <= 4.5.12...
CVE-2024-0386
The weForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Referer' HTTP header in all versions up to, and including, 1.6.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts...