439 matches found
Cross site scripting
Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti 1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable...
CVE-2017-11163
The CVE-2017-11163 entry corresponds to an XSS issue in Cacti: specifically, aggregate_graphs.php in Cacti before 1.1.16 allows remote authenticated users to inject script/HTML via crafted HTTP Referer headers, tied to the $cancel_url variable. Related CVE-2017-12066 covers the same XSS vector; t...
Serendipity < 2.1.1 Multiple Vulnerabilities
According to its banner, the version of Serendipity running on the remote host is prior to 2.1.1. It is, therefore, affected by multiple vulnerabilities: - A stored cross-site scripting (XSS) vulnerability exists in the templates/2k11/admin/category.inc.tpl script due to improper validation of the...
CVE-2017-2136
Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers...
CVE-2017-2136
CVE-2017-2136 (WP Statistics) affects the WordPress WP Statistics plugin, version 12.0.4 and earlier. The root cause is a cross-site scripting flaw triggered by specially crafted HTTP Referer headers, allowing an attacker to inject arbitrary script or HTML in users’ browsers. Affected products an...
CVE-2017-5191
An XSS vulnerability on the /NAGErrors URI in NetIQ Access Manager 4.2 and 4.3 exists because Access Gateway Error pages do not validate the HTTP Referer header...
CVE-2017-5191
NetIQ Access Manager (NAM) versions 4.2 and 4.3 contain a cross-site scripting (XSS) vulnerability in the /NAGErrors URI. The issue arises because the Access Gateway Error page does not validate the HTTP Referer header, enabling a remote attacker to inject arbitrary web script or HTML. No exploit...
CVE-2017-7881
BigTree CMS through 4.2.17 relies on a substring check for CSRF protection, which allows remote attackers to bypass this check by placing the required admin/developer/ URI within a query string in an HTTP Referer header. This was found in core/admin/modules/developer/header.php and patched in...
JVN#62392065: WordPress plugin "WP Statistics" vulnerable to cross-site scripting
The WordPress plugin "WP Statistics" provided by WP Statistics contains a stored cross-site scripting vulnerability (CWE-79) in multiple pages due to a flaw in processing HTTP Referer headers. Impact: An arbitrary script may be executed on the web browser of a user accessing the page generated by th...
Microsoft Internet Explorer and Edge Spoofing Vulnerability (CVE-2017-0012)
Details source: http://bobao.360.cn/learning/detail/3612.html parent.window.opener.location can make the location of the window that opened it jump to another domain name, in an attempt to use cross-domain. When I first discovered this problem, here is the test code from when I found it. parent...
CVE-2017-5474
Open redirect vulnerability in comment.php in Serendipity through 2.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header...
Phire CMS 2.0.0 Cross Site Scripting
Title Phire CMS HTTP Request POST /phirecms/phire/config HTTP/1.1 Headers: ... Post Data: datetimeformat=&datetimeformatcustom=%22%3E%3Cscript%3Ealert%281337%29%3C%2Fscript%3E&pagination=25&systemtheme=default&submit=Save HTTP Response...
CVE-2015-3272
Open redirect vulnerability in the clean_param function in lib/moodlelib.php in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving an HTTP Referer...