439 matches found
EUVD-2009-2370
Malware in sbrugna...
EUVD-2022-1111
Malicious code in bioql PyPI...
EUVD-2022-4371
Malicious code in bioql PyPI...
EUVD-2022-1995
Malicious code in bioql PyPI...
CVE-2025-54783
CVE-2025-54783 affects SuiteCRM up to version 7.14.6, with a reflected XSS vulnerability triggered by modifying the HTTP Referer header to inject JavaScript. The server may block the domain but still execute the injected script. Remediation is to upgrade to SuiteCRM 7.14.7 or later. No exploitati...
WordPress Nginx Cache Purge Preload plugin code injection vulnerability
WordPress Nginx Cache Purge Preload plugin is a plugin for optimizing the loading speed of your website. The WordPress Nginx Cache Purge Preload plugin suffers from a code injection vulnerability that stems from insufficient cleanup of the HTTPREFERERER parameter in the nppppreloadcacheonupdate...
PT-2025-25204 · WordPress · Xagio Seo
Name of the Vulnerable Software and Affected Versions: Xagio SEO – AI Powered SEO plugin for WordPress versions up to, and including, 7.1.0.16 Description: The Xagio SEO – AI Powered SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTTP REFERER parameter due to...
CVE-2022-46355
A vulnerability has been identified in SCALANCE X204RNA HSR All versions V3.2.7, SCALANCE X204RNA PRP All versions V3.2.7, SCALANCE X204RNA EEC HSR All versions V3.2.7, SCALANCE X204RNA EEC PRP All versions V3.2.7, SCALANCE X204RNA EEC PRP/HSR All versions V3.2.7. The affected products are...
CVE-2022-25196
Jenkins GitLab Authentication Plugin 1.13 and earlier records the HTTP Referer header as part of the URL query parameters when the authentication process starts, allowing attackers with access to Jenkins to craft a URL that will redirect users to an attacker-specified URL after logging in...
CVE-2020-25786
webinc/js/info.php on D-Link DIR-816L 2.06.B09BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding except in Internet...
CVE-2014-8301
Cross-site scripting XSS vulnerability in Splunk Web in Splunk Enterprise 5.0.x before 5.0.10 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header...
CVE-2010-5080
The Security/changepassword URL action in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 passes a token as a GET parameter while changing a password through email, which allows remote attackers to obtain sensitive data and hijack the session via the HTTP referer logs on a server, aka "HT...
CVE-2013-0709
Cross-site scripting XSS vulnerability in dopvSTAR 0091 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header, which is not properly handled during display of the access log...
CVE-2019-5990
Access analysis CGI An-Analyzer released in 2019 June 24 and earlier allow remote attackers to obtain a login password via HTTP referer...
CVE-2019-6726
The WP Fastest Cache plugin through 0.8.9.0 for WordPress allows remote attackers to delete arbitrary files because wppostratingsclearfastestcache and rmfolderrecursively in wpFastestCache.php mishandle ../ in an HTTP Referer header...
CVE-2013-0708
Cross-site scripting XSS vulnerability in dopvCOMET 0009b allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header, which is not properly handled during display of the access log...
CVE-2014-8305
Open redirect vulnerability in the redir function in includes/function.php in C97net Cart Engine before 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header to 1 index.php, 2 cart.php, 3 msg.php, or 4 page.php...
CVE-2014-5108
Cross-site scripting XSS vulnerability in singlepages\downloadfile.php in concrete5 before 5.6.3 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to index.php/downloadfile...
BIT-DOLIBARR-2020-9016
Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header...
CVE-2024-44674
D-Link COVR-2600R FW101b05 is vulnerable to Buffer Overflow. In the function sub24E28, the HTTPREFERER is obtained through an environment variable, and this field is controllable, allowing it to be used as the value for src...