797 matches found
CVE-2019-4562
IBM Security Directory Server 6.4.0 stores sensitive information in URLs. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history. IBM X-Force ID: 166623...
Information disclosure
IBM Security Directory Server 6.4.0 stores sensitive information in URLs. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history. IBM X-Force ID: 166623...
Rockstar Games: Image Injection vulnerability in www.rockstargames.com/IV/screens/1280x720Image.html
In this report, the researcher demonstrated a method to chain together separate vulnerabilities that, under certain conditions, could cause a user's Facebook OAuth tokens to leak via the Referer header. The specific vulnerability that was addressed in this report was the image injection component...
UBUNTU-CVE-2020-7996
htdocs/user/passwordforgotten.php in Dolibarr 10.0.6 allows XSS via the Referer HTTP header...
PT-2020-19907 · Dolibarr · Dolibarr
Name of the Vulnerable Software and Affected Versions: Dolibarr version 10.0.6
Description: The issue allows for XSS via the Referer HTTP header in the htdocs/user/passwordforgotten.php file.
Recommendations: For Dolibarr version 10.0.6, consider disabling access to the...
CVE-2019-5990
Access analysis CGI An-Analyzer released in 2019 June 24 and earlier allows remote attackers to obtain a login password via HTTP referer...
CVE-2018-10727
Reflected Cross-Site Scripting (XSS) vulnerability in the fabrikreferrer hidden field in the Fabrikar Fabrik component through v3.8.1 for Joomla! allows remote attackers to inject arbitrary web script via the HTTP Referer header...
Cross site scripting
Reflected Cross-Site Scripting (XSS) vulnerability in the fabrikreferrer hidden field in the Fabrikar Fabrik component through v3.8.1 for Joomla! allows remote attackers to inject arbitrary web script via the HTTP Referer header...
CVE-2015-9472
The incoming-links plugin before 0.9.10b for WordPress has referrers.php XSS via the Referer HTTP header...
CVE-2012-6715
The formbuilder plugin before 0.9.1 for WordPress has XSS via a Referer header...
Default credentials
The formbuilder plugin before 0.9.1 for WordPress has XSS via a Referer header...
CVE-2015-9314
The newstatpress plugin before 1.0.4 for WordPress has XSS related to the Referer header...
Cross site request forgery (csrf)
The newstatpress plugin before 1.0.4 for WordPress has XSS related to the Referer header...
CVE-2015-9314
The CVE-2015-9314 entry concerns the WordPress plugin NewStatPress, affected versions prior to 1.0.4. The vulnerability is an XSS issue tied to the Referer header, impacting the plugin’s handling of HTTP Referer data. Several connected sources corroborate the same flaw (XSS related to Referer hea...
PT-2019-11768 · Jenkins · Jenkins Gitlab Authentication Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Gitlab Authentication Plugin version 1.4 and earlier
Description: The issue allows attackers to redirect users to a URL outside Jenkins after a successful login, implementing an open redirect. This can be used by malicious sites to...