Lucene search
K

823 matches found

NVD
NVD
added 2013/03/01 5:40 a.m.19 views

CVE-2013-0708

Cross-site scripting XSS vulnerability in dopvCOMET 0009b allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header, which is not properly handled during display of the access log...

4.3CVSS5.7AI score0.01148EPSS
Exploits0References3
Prion
Prion
added 2013/03/01 5:40 a.m.13 views

Cross site scripting

Cross-site scripting XSS vulnerability in dopvCOMET 0009b allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header, which is not properly handled during display of the access log...

4.3CVSS6.1AI score0.01148EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2013/03/01 5:40 a.m.22 views

Cross site scripting

Cross-site scripting XSS vulnerability in dopvSTAR 0091 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header, which is not properly handled during display of the access log...

4.3CVSS6.1AI score0.01148EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2013/03/01 2:0 a.m.47 views

CVE-2013-0709

CVE-2013-0709 concerns a cross-site scripting (XSS) vulnerability in the dopvSTAR* 0091 product. The issue arises from how the HTTP Referer header is handled during display of the access log, allowing remote attackers to inject arbitrary web script or HTML. The connected JVN entries confirm the a...

4.3CVSS5.9AI score0.01148EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2013/03/01 2:0 a.m.48 views

CVE-2013-0708

CVE-2013-0708 concerns a cross-site scripting (XSS) vulnerability in dopvCOMET* 0009b, where an attacker can inject arbitrary scripts via the HTTP Referer header during display of the access log. The vulnerability could allow a user’s browser to execute injected code, as indicated by multiple sou...

4.3CVSS5.9AI score0.01148EPSS
Exploits0References3Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2013/01/29 12:0 a.m.13 views

CORS requests can omit the preflight request – Opera Security Advisories

Cross-Origin Resource Sharing CORS requests are required to send a preflight request if custom headers are included, to check that the host wishes to allow the full request to be made. An example of where this may be needed is for sites that use a custom header with a static value as part of thei...

5.8AI score
Exploits0References1
securityvulns
securityvulns
added 2013/01/10 12:0 a.m.88 views

Cross-Site Scripting (XSS) vulnerability in Quick.Cms and Quick.Cart

Advisory ID: HTB23135 Product: Quick.Cms, Quick.Cart Vendor: OpenSolution team Vulnerable Versions: Quick.Cms 5.0, Quick.Cart 6.0 and probably prior Tested Version: Quick.Cms 5.0, Quick.Cart 6.0 Vendor Notification: December 19, 2012 Vendor Patch: December 20, 2012 Public Disclosure: January 9,...

4.3CVSS6.1AI score0.0391EPSS
Exploits3
htbridge
htbridge
added 2012/12/19 12:0 a.m.37 views

Cross-Site Scripting (XSS) vulnerability in Quick.Cms and Quick.Cart

High-Tech Bridge Security Research Lab discovered XSS vulnerability in Quick.Cms and Quick.Cart - two products developed by OpenSolution team, which can be exploited to perform cross-site scripting attacks. 1. Cross-Site Scripting XSS vulnerability in Quick.Cms and Quick.Cart: CVE-2012-6430 The...

4.3CVSS5.4AI score0.0391EPSS
Exploits3Affected Software1
Tenable Nessus
Tenable Nessus
added 2012/08/01 12:0 a.m.24 views

Scientific Linux Security Update : firefox on SL5.x, SL4.x i386/x86_64

A cross-site scripting flaw was found in the way Firefox handled the jar: URI scheme. It was possible for a malicious website to leverage this flaw and conduct a cross-site scripting attack against a user running Firefox. CVE-2007-5947 Several flaws were found in the way Firefox processed certain...

9.3CVSS8.2AI score0.05443EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2012/08/01 12:0 a.m.26 views

Scientific Linux Security Update : seamonkey on SL4.x, SL3.x i386/x86_64

A cross-site scripting flaw was found in the way SeaMonkey handled the jar: URI scheme. It was possible for a malicious website to leverage this flaw and conduct a cross-site scripting attack against a user running SeaMonkey. CVE-2007-5947 Several flaws were found in the way SeaMonkey processed...

9.3CVSS8.2AI score0.05443EPSS
Exploits1References4
NVD
NVD
added 2012/07/31 10:45 a.m.16 views

CVE-2012-3848

Multiple cross-site scripting XSS vulnerabilities in the web console in Plixer Scrutinizer aka Dell SonicWALL Scrutinizer before 9.5.0 allow remote attackers to inject arbitrary web script or HTML via 1 the query string to d4d/exporters.php, 2 the HTTP Referer header to d4d/exporters.php, or 3...

4.3CVSS5.7AI score0.02492EPSS
Exploits3References2
Prion
Prion
added 2012/07/31 10:45 a.m.19 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the web console in Plixer Scrutinizer aka Dell SonicWALL Scrutinizer before 9.5.0 allow remote attackers to inject arbitrary web script or HTML via 1 the query string to d4d/exporters.php, 2 the HTTP Referer header to d4d/exporters.php, or 3...

4.3CVSS6.1AI score0.02492EPSS
Exploits3References2Affected Software1
securityvulns
securityvulns
added 2012/07/23 12:0 a.m.23 views

DomsHttpd DoS

Crash on Referer: header processing...

0.6AI score
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2012/01/29 11:55 a.m.1 views

CVE-2011-5073

Multiple cross-site scripting XSS vulnerabilities in Support Incident Tracker aka SiT! before 3.65 allow remote attackers to inject arbitrary web script or HTML via the 1 mode parameter to contactsupport.php; 2 contractid parameter to contractaddservice.php; 3 user parameter to editbackupusers.ph...

4.3CVSS5.4AI score0.01626EPSS
Exploits1References5
Prion
Prion
added 2011/12/24 7:55 p.m.21 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Wuzly 2.0 allow remote attackers to inject arbitrary web script or HTML via the Referer header to 1 admin/login.php and 2 admin/404.php; the 3 q parameter to search.php; the 4 themename parameter to themesettings.php, 5 extensionname parameter ...

4.3CVSS6.1AI score0.01772EPSS
Exploits0References26Affected Software1
Cvelist
Cvelist
added 2011/12/24 7:0 p.m.31 views

CVE-2011-3835

Multiple cross-site scripting XSS vulnerabilities in Wuzly 2.0 allow remote attackers to inject arbitrary web script or HTML via the Referer header to 1 admin/login.php and 2 admin/404.php; the 3 q parameter to search.php; the 4 themename parameter to themesettings.php, 5 extensionname parameter ...

5.8AI score0.01772EPSS
Exploits0References26
Positive Technologies
Positive Technologies
added 2011/11/28 12:0 a.m.6 views

PT-2011-4990 · WordPress · Seo Redirection Plugin

Name of the Vulnerable Software and Affected Versions: Redirection plugin version 2.2.9 Description: The issue concerns multiple cross-site scripting XSS vulnerabilities. These vulnerabilities are located in the view/admin/log item.php and view/admin/log item details.php files of the Redirection...

4.3CVSS6.4AI score0.02483EPSS
Exploits1References12
exploitpack
exploitpack
added 2011/10/03 12:0 a.m.11 views

Netvolution 2.5.8 - referer Header SQL Injection

Netvolution 2.5.8 - referer Header SQL Injection source: https://www.securityfocus.com/bid/49918/info Netvolution is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker ...

0.6AI score
Exploits0
Exploit DB
Exploit DB
added 2011/10/03 12:0 a.m.23 views

Netvolution 2.5.8 - 'referer' Header SQL Injection

source: https://www.securityfocus.com/bid/49918/info Netvolution is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify...

7.4AI score
Exploits0
NVD
NVD
added 2011/02/23 1:0 a.m.20 views

CVE-2011-1062

Multiple cross-site scripting XSS vulnerabilities in include/html/header.php in TaskFreak! 0.6.4 allow remote attackers to inject arbitrary web script or HTML via the 1 sContext, 2 sort, 3 dir, and 4 show parameters in a save action to index.php; the 5 dir and 6 show parameters to printlist.php;...

4.3CVSS5.8AI score0.01751EPSS
Exploits2References6
Rows per page
Query Builder