41 matches found
CVE-2020-7996
htdocs/user/passwordforgotten.php in Dolibarr 10.0.6 allows XSS via the Referer HTTP header...
EUVD-2020-0276
Malware in sbrugna...
EUVD-2017-5705
Malware in sbrugna...
EUVD-2007-5202
Malware in sbrugna...
EUVD-2017-5704
Malware in sbrugna...
CVE-2017-14194
The out function in controllers/member/Login.php in dayrui FineCms 5.0.11 has XSS related to the Referer HTTP header with Internet Explorer...
CVE-2017-14195
The callmsg function in controllers/Form.php in dayrui FineCms 5.0.11 might have XSS related to the Referer HTTP header with Internet Explorer...
BIT-DOLIBARR-2020-7996
htdocs/user/passwordforgotten.php in Dolibarr 10.0.6 allows XSS via the Referer HTTP header...
CVE-2024-56517 LGSL has a reflected XSS at /lgsl_files/lgsl_list.php
LGSL Live Game Server List provides online status lists for online video games. Versions up to and including 6.2.1 contain a reflected cross-site scripting vulnerability in the Referer HTTP header. The vulnerability allows attackers to inject arbitrary JavaScript code, which is reflected in the...
CVE-2024-25286
CVE-2024-25286 concerns a CSRF vulnerability in the 3DSecure 2.0 system, specifically the “3DS Authorization Method” of Redsys (3DSecure 2.0). The issue allows an attacker to submit unauthorized form data by manipulating HTTP Origin and Referer headers, potentially triggering unauthorized transac...
CVE-2023-52274
CVE-2023-52274 affects YzmCMS versions 6.5–7.0, where a cross-site scripting (XSS) vulnerability exists in member/index/register.html via the Referer HTTP header. The CNVD/NVD/OSV/CVE entries describe the root cause as insufficient filtering/escaping of user-supplied data in the Referer header, e...
Apache Wicket vulnerable to CSRF attacks
Apache Wicket 6.x before 6.25.0, 7.x before 7.5.0, and 8.0.0-M1 provide a CSRF prevention measure that fails to discover some cross origin requests. The mitigation is to not only check the Origin HTTP header, but also take the Referer HTTP header into account when no Origin was provided...
CVE-2020-7996
htdocs/user/passwordforgotten.php in Dolibarr 10.0.6 allows XSS via the Referer HTTP header...
Design/Logic Flaw
htdocs/user/passwordforgotten.php in Dolibarr 10.0.6 allows XSS via the Referer HTTP header...
Cross site request forgery (csrf)
Apache Wicket 6.x before 6.25.0, 7.x before 7.5.0, and 8.0.0-M1 provide a CSRF prevention measure that fails to discover some cross origin requests. The mitigation is to not only check the Origin HTTP header, but also take the Referer HTTP header into account when no Origin was provided...
Cross site scripting
The callmsg function in controllers/Form.php in dayrui FineCms 5.0.11 might have XSS related to the Referer HTTP header with Internet Explorer...
CVE-2017-14195
The callmsg function in controllers/Form.php in dayrui FineCms 5.0.11 might have XSS related to the Referer HTTP header with Internet Explorer...
Cross site scripting
The out function in controllers/member/Login.php in dayrui FineCms 5.0.11 has XSS related to the Referer HTTP header with Internet Explorer...
CVE-2017-14195
The CVE-2017-14195 entry describes an XSS vulnerability in dayrui FineCms 5.0.11, specifically in the call_msg function of controllers/Form.php. The issue is triggered by the Referer HTTP header (noted for Internet Explorer) and is described across multiple sources as cross-site scripting, with p...
CVE-2017-14195
The callmsg function in controllers/Form.php in dayrui FineCms 5.0.11 might have XSS related to the Referer HTTP header with Internet Explorer...