PT-2024-13395 · Abo.Cms · Abo.Cms
Name of the Vulnerable Software and Affected Versions: ABO.CMS version 5.9.3 Description: A Cross Site Scripting issue allows an attacker to execute arbitrary code via a crafted payload to the Referer header. This enables the attacker to perform unauthorized actions on the affected system...
YzmCMS Security Vulnerability
YzmCMS is an open source content management system (CMS). YzmCMS versions 6.5 to 7.0 contain a cross-site scripting vulnerability that stems from the member/index/register.html page not effectively filtering and escaping user-supplied data in the Referer HTTP header; an attacker can...
CVE-2023-52274
member/index/register.html in YzmCMS 6.5 through 7.0 allows XSS via the Referer HTTP header...
CVE-2023-6527
The Email Subscription Popup plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the HTTPREFERER header in all versions up to, and including, 1.2.18 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
PT-2023-32688 · WordPress · Email Subscription Popup
Name of the Vulnerable Software and Affected Versions: Email Subscription Popup plugin for WordPress versions up to, and including, 1.2.18 Description: The issue is related to Reflected Cross-Site Scripting via the HTTP REFERER header due to insufficient input sanitization and output escaping. Th...
satellite: Blind SSRF via Referer header
A blind server-side request forgery (SSRF) vulnerability was found in Satellite server. It is possible to trigger an external interaction with an attacker's server by modifying the Referer header in an HTTP request for specific resources on the server...
Cross-site Scripting (XSS)
Overview: github.com/greenpau/caddy-security is a Security App and Plugin for Caddy v2. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Referer header, due to improper input sanitization. Although the Referer header is sanitized by escaping some characters that...
CVE-2023-4294
The URL Shortify WordPress plugin before 1.7.6 does not properly escape the value of the referer header, thus allowing an unauthenticated attacker to inject malicious JavaScript that will trigger in the plugin's admin panel with statistics of the created short link...
URL Shortify < 1.7.6 - Unauthenticated Stored XSS via referer header
Description: The plugin does not properly escape the value of the referer header, thus allowing an unauthenticated attacker to inject malicious JavaScript that will trigger in the plugin's admin panel with statistics of the created short link. PoC: 1. Add a new shortened link in the interface...
Vulnerability in the Referrer Policy component of the SAP Enable Now software, which is used for creating and managing training materials. This vulnerability allows a hacker to circumvent existing security restrictions and expose protected information.
The vulnerability in the Referrer Policy component of SAP Enable Now, which is used for creating and managing training materials, is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions and disclose...
JetBrains TeamCity Cross-Site Scripting Vulnerability (CNVD-2023-62628)
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. A cross-site scripting vulnerability exists in...
CVE-2023-38066
In JetBrains TeamCity before 2023.05.1 reflected XSS via the Referer header was possible during artifact downloads...
Cross site scripting
In JetBrains TeamCity before 2023.05.1 reflected XSS via the Referer header was possible during artifact downloads...
CVE-2023-38066
Summary (CVE-2023-38066) : JetBrains TeamCity versions prior to 2023.05.1 are affected by a reflected XSS vulnerability that can be triggered via the Referer header during artifact downloads. The issue is triggered in the web UI when user-supplied Referer data is reflected back, potentially enabl...
JetBrains TeamCity Cross-Site Scripting Vulnerability
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. A cross-site scripting vulnerability exists in...
Textpattern 4.8.8 Session Token Disclosure Vulnerability
Textpattern version 4.8.8 logs the session token in a GET request where it may end up getting disclosed in logs or via a referer. Title: textpattern-4.8.8 Session token in URL Vulnerability Author: nu11secur1ty Vendor: https://textpattern.com/ Software:...