797 matches found
CVE-2024-0386
The weForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Referer' HTTP header in all versions up to, and including, 1.6.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts...
PT-2024-15520 · WordPress · Weforms
Name of the Vulnerable Software and Affected Versions: weForms plugin for WordPress versions up to, and including, 1.6.21 Description: The issue is related to Stored Cross-Site Scripting via the 'Referer' HTTP header due to insufficient input sanitization and output escaping. This allows...
Boss Mini 1.4.0 - local file inclusion
Exploit Title: Boss Mini 1.4.0 - local file inclusion Date: 07/12/2023 Exploit Author: nltt0 https://github.com/nltt-br CVE: CVE-2023-3643 from requests import...
satellite: Blind SSRF via Referer header
A blind server-side request forgery (SSRF) vulnerability was found in Satellite server. It is possible to trigger an external interaction to an attacker's server by modifying the Referer header in an HTTP request of specific resources in the server...
Cross-site Scripting in github.com/greenpau/caddy-security
All versions of the package github.com/greenpau/caddy-security are vulnerable to Cross-site Scripting (XSS) via the Referer header, due to improper input sanitization. Although the Referer header is sanitized by escaping some characters that can allow XSS (e.g., &, <, >, ", '), it does not account for th...
CVE-2024-21496
All versions of the package github.com/greenpau/caddy-security are vulnerable to Cross-site Scripting (XSS) via the Referer header, due to improper input sanitization. Although the Referer header is sanitized by escaping some characters that can allow XSS (e.g., &, <, >, ", '), it does not account for th...
Cross site scripting
All versions of the package github.com/greenpau/caddy-security are vulnerable to Cross-site Scripting (XSS) via the Referer header, due to improper input sanitization. Although the Referer header is sanitized by escaping some characters that can allow XSS (e.g., &, <, >, ", '), it does not account for th...
caddy-security Security Vulnerabilities
caddy-security is a security application and plugin for Caddy. A security vulnerability exists in caddy-security that stems from improper input cleanup and is susceptible to cross-site scripting (XSS) attacks via the Referer header...
PT-2024-18911 · Unknown · Caddy-Security
Name of the Vulnerable Software and Affected Versions: github.com/greenpau/caddy-security, all versions Description: The issue is related to Cross-site Scripting (XSS) via the Referer header, caused by improper input sanitization. Although some characters are escaped to prevent XSS, the sanitization...
CVE-2023-6970
The WP Recipe Maker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'Referer' header in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2023-6970 WP Recipe Maker <= 9.1.0 - Reflected Cross-Site Scripting via Referer
The WP Recipe Maker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'Referer' header in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
PT-2024-15151
Name of the Vulnerable Software and Affected Versions: WP Recipe Maker plugin for WordPress versions up to, and including, 9.1.0 Description: The issue is related to Reflected Cross-Site Scripting via the 'Referer' header due to insufficient input sanitization and output escaping. This allows...
CVE-2023-46952
Cross Site Scripting vulnerability in ABO.CMS v.5.9.3 allows an attacker to execute arbitrary code via a crafted payload to the Referer header...
Cross site scripting
Cross Site Scripting vulnerability in ABO.CMS v.5.9.3 allows an attacker to execute arbitrary code via a crafted payload to the Referer header...