Cross site scripting

Cross-site scripting in syslog.html in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript code via an HTTP Referer Header...

CVE-2018-18244

The CVE-2018-18244 entry corresponds to a cross-site scripting vulnerability in VIVOTEK Network Camera Series. The affected component is the syslog.html page, exploitable on firmware versions 0x06x to 0x08x. An attacker can remotely inject and execute arbitrary JavaScript in the context of a user...

Design/Logic Flaw

The wp-slimstat aka Slimstat Analytics plugin before 4.1.6.1 for WordPress has XSS via an HTTP Referer header, or via a field associated with JavaScript-based Referer tracking...

CVE-2015-9273

The wp-slimstat aka Slimstat Analytics plugin before 4.1.6.1 for WordPress has XSS via an HTTP Referer header, or via a field associated with JavaScript-based Referer tracking...

CVE-2015-9273

The wp-slimstat aka Slimstat Analytics plugin before 4.1.6.1 for WordPress has XSS via an HTTP Referer header, or via a field associated with JavaScript-based Referer tracking...

CVE-2015-9273

CVE-2015-9273 affects the WordPress plugin wp-slimstat (Slimstat Analytics) , with an XSS vulnerability exploitable via an HTTP Referer header or a related JavaScript Referer tracking field. Affected versions are prior to 4.1.6.1 . The issue is documented across multiple sources confirming a stor...

CVE-2018-17130

PHPMyWind 5.5 has XSS in member.php via an HTTP Referer header,...

Design/Logic Flaw

PHPMyWind 5.5 has XSS in member.php via an HTTP Referer header,...

CVE-2018-17130

CVE-2018-17130 affects PHPMyWind 5.5, with a cross-site scripting (XSS) flaw in member.php triggered via the HTTP Referer header. Connected sources (CNVD-2018-19539 and CNVD-derived summaries) describe an attacker-capable scenario where the vulnerability can lead to theft of an administrator cook...

CVE-2018-17130

PHPMyWind 5.5 has XSS in member.php via an HTTP Referer header,...

Design/Logic Flaw

An issue was discovered in Creme CRM 1.6.12. The value of the cancel button uses the content of the HTTP Referer header, and could be used to trick a user into visiting a fake login page in order to steal credentials...

CVE-2018-14398

The CVE-2018-14398 entry affects Creme CRM 1.6.12: the cancel button’s value is sourced from the HTTP Referer header, enabling potential redirection to a fraudulent login page to steal credentials. Affected component: web UI logic handling cancel navigation; root cause: using Referer content in U...

Cross site scripting

A cross-site scripting XSS vulnerability in Fortinet FortiAuthenticator in versions 4.0.0 to before 5.3.0 "CSRF validation failure" page allows attacker to execute unauthorized script code via inject malicious scripts in HTTP referer header...

CVE-2018-9186

A cross-site scripting XSS vulnerability in Fortinet FortiAuthenticator in versions 4.0.0 to before 5.3.0 "CSRF validation failure" page allows attacker to execute unauthorized script code via inject malicious scripts in HTTP referer header...

CVE-2018-9186

A cross-site scripting XSS vulnerability in Fortinet FortiAuthenticator in versions 4.0.0 to before 5.3.0 "CSRF validation failure" page allows attacker to execute unauthorized script code via inject malicious scripts in HTTP referer header...

CVE-2018-9186

A cross-site scripting XSS vulnerability in Fortinet FortiAuthenticator in versions 4.0.0 to before 5.3.0 "CSRF validation failure" page allows attacker to execute unauthorized script code via inject malicious scripts in HTTP referer header...

CVE-2018-9186

A cross-site scripting XSS vulnerability in Fortinet FortiAuthenticator in versions 4.0.0 to before 5.3.0 "CSRF validation failure" page allows attacker to execute unauthorized script code via inject malicious scripts in HTTP referer header...

Cross site request forgery (csrf)

D-Link DCS-936L devices with firmware before 1.05.07 have an inadequate CSRF protection mechanism that requires the device's IP address to be a substring of the HTTP Referer header...

CVE-2017-7851

D-Link DCS-936L devices with firmware before 1.05.07 have an inadequate CSRF protection mechanism that requires the device's IP address to be a substring of the HTTP Referer header...

CVE-2017-7851

D-Link DCS-936L devices with firmware before 1.05.07 have an inadequate CSRF protection mechanism that requires the device's IP address to be a substring of the HTTP Referer header...