PlayStation: Access Token Smuggling from my.playstation.com via Referer Header

I discovered a way to smuggle an access token from my.playstation.com via Referer header through chain of open redirection vulnerability. On my investigation of authentication flow I found this endpoint with potential site for open redirect vulnerability...

TP-Link Archer C50 Denial of Service Vulnerability

The TP-Link Archer C50 is a wireless router from China P&L TP-Link. A security vulnerability exists in versions prior to TP-Link Archer C50 V3 Build 200318 Rel. 62209. A remote attacker can exploit this vulnerability to cause a denial of service via an HTTP header with an illegal referer field...

CVE-2020-9375

TP-Link Archer C50 V3 devices before Build 200318 Rel. 62209 allows remote attackers to cause a denial of service via a crafted HTTP Header containing an unexpected Referer field...

Chadha Software Technologies PHPKB Standard Multi-Language article.php Cross-Site Scripting Vulnerability

Chadha Software Technologies PHPKB Standard Multi-Language is a web-based, multi-language knowledge base management system from Chadha Software Technologies, India. A cross-site scripting vulnerability exists in the way the Referer header is handled in the article.php file in Chadha Software...

CVE-2020-10388

The way the Referer header in article.php is handled in Chadha PHPKB Standard Multi-Language 9 allows attackers to execute Stored Blind XSS injecting arbitrary web script or HTML in admin/report-referrers.php vulnerable file admin/include/functions-articles.php...

CVE-2020-10388

The way the Referer header in article.php is handled in Chadha PHPKB Standard Multi-Language 9 allows attackers to execute Stored Blind XSS injecting arbitrary web script or HTML in admin/report-referrers.php vulnerable file admin/include/functions-articles.php...

Cross site scripting

The way the Referer header in article.php is handled in Chadha PHPKB Standard Multi-Language 9 allows attackers to execute Stored Blind XSS injecting arbitrary web script or HTML in admin/report-referrers.php vulnerable file admin/include/functions-articles.php...

CVE-2020-10388

The way the Referer header in article.php is handled in Chadha PHPKB Standard Multi-Language 9 allows attackers to execute Stored Blind XSS injecting arbitrary web script or HTML in admin/report-referrers.php vulnerable file admin/include/functions-articles.php...

CVE-2020-10388

Chadha PHPKB Standard Multi-Language v9 is affected by CVE-2020-10388 due to improper handling/validation of the Referer header in article.php, enabling Stored (Blind) XSS via admin/report-referrers.php (vulnerable code in admin/include/functions-articles.php). Affected component: PHPKB’s article...

PT-2020-12058 · Chadha · Phpkb Standard Multi-Language

Name of the Vulnerable Software and Affected Versions: Chadha PHPKB Standard Multi-Language version 9 Description: The issue concerns the handling of the Referer header in article.php, allowing attackers to execute Stored Blind XSS by injecting arbitrary web script or HTML. This is specifically...

CVE-2017-6371

Synchronet BBS 3.16c for Windows allows remote attackers to cause a denial of service service crash via a long string in the HTTP Referer header...

Dolibarr Cross-Site Scripting Vulnerability (CNVD-2020-10498)

Dolibarr ERP/CRM is an open source software/freeware for small and medium-sized businesses, organizations or freelancers. It includes different features such as Enterprise Resource Planning ERP and Customer Relationship Management CRM, as well as applications for other different activities. A...

CVE-2020-9016

Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header...

Design/Logic Flaw

Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header...

UBUNTU-CVE-2020-9016

Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header...

CVE-2020-9016

Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header...

PT-2020-20431 · Dolibarr · Dolibarr

Name of the Vulnerable Software and Affected Versions: Dolibarr version 11.0 Description: The issue allows for XSS attacks through the joinfiles, topic, or code parameter, or the HTTP Referer header. Recommendations: For Dolibarr version 11.0, consider restricting access to the vulnerable...

CVE-2019-20060

MFScripts YetiShare v3.5.2 through v4.5.4 places sensitive information in the Referer header. If this leaks, then third parties may discover password-reset hashes, file-delete links, or other sensitive information...

CVE-2019-20060

MFScripts YetiShare v3.5.2 through v4.5.4 places sensitive information in the Referer header. If this leaks, then third parties may discover password-reset hashes, file-delete links, or other sensitive information...

CVE-2019-4562

IBM Security Directory Server 6.4.0 stores sensitive information in URLs. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history. IBM X-Force ID: 166623...