CVE-2014-3894
CVE-2014-3894 is a documented cross-site scripting (XSS) vulnerability in PHP Kobo’s Multifunctional MailForm Free (≤2014/1/28). The issue stems from how HTTP Referer headers are processed, allowing remote attackers to inject arbitrary scripts/HTML. Affected product: Multifunctional MailForm Free...