95 matches found
CVE-2001-1532
WebX stores authentication information in the HTTP_REFERER variable, which is included in URL links within bulletin board messages posted by users, which could allow remote attackers to hijack user sessions...
EUVD-2001-1509
Malware in sbrugna...
EUVD-2007-4523
Malware in sbrugna...
EUVD-2004-1815
Malware in sbrugna...
EUVD-2011-4820
Malware in sbrugna...
EUVD-2006-0468
Malware in sbrugna...
EUVD-2002-2088
Malware in sbrugna...
EUVD-2006-0835
Malware in sbrugna...
EUVD-2025-18096
Malicious code in bioql PyPI...
CVE-2025-3302 Xagio SEO <= 7.1.0.16 - Unauthenticated Stored Cross-Site Scripting via 'HTTP_REFERER'
The Xagio SEO – AI Powered SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'HTTP_REFERER' parameter in all versions up to, and including, 7.1.0.16 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...
CVE-2024-43009
A reflected cross-site scripting (XSS) vulnerability exists in user/login.php at line 24 in ZZCMS 2023 and earlier. The application directly inserts the value of the HTTP_REFERER header into the HTML response without proper sanitization. An attacker can exploit this vulnerability by tricking a user...
CVE-2024-44818
Cross Site Scripting vulnerability in ZZCMS v.2023 and before allows a remote attacker to obtain sensitive information via the HTTP_Referer header of the caina.php component...
CVE-2024-44674
D-Link COVR-2600R FW101b05 is vulnerable to Buffer Overflow. In the function sub_24E28, the HTTP_REFERER is obtained through an environment variable, and this field is controllable, allowing it to be used as the value for src...
CVE-2011-4909
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.5.12 allow remote attackers to inject arbitrary web script or HTML via the HTTP_REFERER header to (1) components/com_content/views/article/tmpl/form.php, (2) components/com_user/controller.php, (3) plugins/system/legacy/html.php, or (4)...
CVE-2024-44674
CVE-2024-44674 affects the D-Link COVR-2600R with firmware FW101b05. The vulnerability arises in a function (sub_24E28) where HTTP_REFERER is obtained via an environment variable, which is controllable, and can be used as the value for src. This leads to a buffer overflow condition as described i...
CVE-2024-44818
CVE-2024-44818 is a Cross Site Scripting vulnerability in ZZCMS (caina.php) that relies on the HTTP Referer header. Affected: ZZCMS v.2023 and earlier. Root cause: improper handling/reflection of Referer data leading to information disclosure. Sources corroborate remote exploitation to obtain sen...