CVE-2015-7391

Multiple cross-site scripting XSS vulnerabilities in TestLink before 1.9.14 allow remote attackers to inject arbitrary web script or HTML via the 1 selectedenddate or 2 selectedstartdate parameter to lib/results/tcCreatedPerUserOnTestProject.php; the 3 containerType parameter to...

CVE-2015-7391

Multiple cross-site scripting XSS vulnerabilities in TestLink before 1.9.14 allow remote attackers to inject arbitrary web script or HTML via the 1 selectedenddate or 2 selectedstartdate parameter to lib/results/tcCreatedPerUserOnTestProject.php; the 3 containerType parameter to...

Student Result or Employee Database <= 1.6.3 - Auth Bypass

The Student Result or Employee Database WordPress plugin was affected by an Auth Bypass security vulnerability. curl -i -s -k -X 'POST' -H 'User-Agent: Mozilla/5.0' -H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' -H 'X-Requested-With: XMLHttpRequest' -H 'Referer:...

vBulletin VBSEO 'visitormessage.php' Remote Code Injection Vulnerability

vBulletin is the United States Internet Brands and vBulletin Solutions, Inc. jointly developed an open source commercial Web forum program. vBulletin VBSEO module is one of the SEO management module . A security vulnerability exists in the functionsvbseohook.php file in the vBulletin VBSEO module...

Cross site scripting

The oauth function in controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the Referer HTTP header with Internet Explorer...

CVE-2017-14193

The oauth function in controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the Referer HTTP header with Internet Explorer...

CVE-2017-14194

The out function in controllers/member/Login.php in dayrui FineCms 5.0.11 has XSS related to the Referer HTTP header with Internet Explorer...

CVE-2017-14195

The callmsg function in controllers/Form.php in dayrui FineCms 5.0.11 might have XSS related to the Referer HTTP header with Internet Explorer...

CVE-2017-14193

The oauth function in controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the Referer HTTP header with Internet Explorer...

CVE-2017-14194

The out function in controllers/member/Login.php in dayrui FineCms 5.0.11 has XSS related to the Referer HTTP header with Internet Explorer...

CVE-2017-12651

Cross Site Request Forgery CSRF exists in the Blacklist and Whitelist IP Wizard in init.php in the Loginizer plugin before 1.3.6 for WordPress because the HTTP Referer header is not checked...

Cross site request forgery (csrf)

Cross Site Request Forgery CSRF exists in the Blacklist and Whitelist IP Wizard in init.php in the Loginizer plugin before 1.3.6 for WordPress because the HTTP Referer header is not checked...

CVE-2017-12651

CVE-2017-12651 affects the WordPress Loginizer plugin (versions prior to 1.3.6). The vulnerability is a Cross-Site Request Forgery (CSRF) in the Blacklist and Whitelist IP Wizard (init.php) due to the HTTP Referer header not being checked. This can allow an attacker to manipulate IP blacklist/whi...

CVE-2017-12651

Cross Site Request Forgery CSRF exists in the Blacklist and Whitelist IP Wizard in init.php in the Loginizer plugin before 1.3.6 for WordPress because the HTTP Referer header is not checked...

Cacti cross-site scripting vulnerability (CNVD-2017-26582)

Cacti is a set of open source network traffic monitoring and analysis tools from the Cacti team. The tool through snmpget to get the data , using RRDtool drawing graphs to analyze , and provide data and user management features . A cross-site scripting vulnerability exists in the...

UBUNTU-CVE-2017-12066

Cross-site scripting XSS vulnerability in aggregategraphs.php in Cacti before 1.1.16 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancelurl variable. NOTE: this vulnerability exists because of an incomplete fi...

Cacti cross-site scripting vulnerability (CNVD-2017-26314)

Cacti is a set of open source network traffic monitoring and analysis tools from the Cacti team. The tool through snmpget to get the data , using RRDtool drawing graphs to analyze , and provide data and user management features . A cross-site scripting vulnerability exists in the authprofile.php...

DEBIAN-CVE-2017-11691

Cross-site scripting XSS vulnerability in authprofile.php in Cacti 1.1.13 allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers...

UBUNTU-CVE-2017-11691

Cross-site scripting XSS vulnerability in authprofile.php in Cacti 1.1.13 allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers...

Open Redirects

Moodle is vulnerable to open redirects. Attackers can perform phishing attacks and other open redirects through an error page which contains links to a URL from the HTTP Referer header...