6 matches found
GHSA-6JH4-47V2-4G37 MantisBT has Potential Referer-Based Reflected HTML Injection / XSS in Tag Update Page
Improper escaping of the redirection page retrieved from the request's Referer header allows an attacker to inject HTML. While this is generally not directly actionable as modern browsers will URL-encode special characters, on some specific server configurations this could poison the cache, leadi...
CVE-2022-27109
OrangeHRM 4.10 suffers from a Referer header injection redirect vulnerability...
EUVD-2022-31648
Malicious code in bioql PyPI...
OrangeHRM Referer header injection redirection vulnerability
OrangeHRM is a human resource management (HRM) system from OrangeHRM USA. The system supports personnel information management, leave management, time and attendance management, recruitment management, etc. OrangeHRM version 4.10 has a Referer header injection redirection vulnerability, no...
zzcms cross-site scripting vulnerability (CNVD-2020-73162)
ZZCMS is the content management system of Webmaster Merchants. A cross-site scripting vulnerability exists in the user login page of zzcms 2019. An attacker can exploit this vulnerability by injecting JavaScript code through user/login.php via the Referer header...
Hopesys Web Management System version 1.0 /include/func.common.php referer header injection vulnerability
Hopesys Website Management System is an enterprise/government website management system developed on LAMP. Hopesys Website Management System version 1.0 has a Referer header injection vulnerability in /include/func.common.php. An attacker can use this vulnerability to obtain sensitive database...