39 matches found
CVE-2020-7996
htdocs/user/passwordforgotten.php in Dolibarr 10.0.6 allows XSS via the Referer HTTP header...
EUVD-2020-0276
Malware in sbrugna...
EUVD-2017-5705
Malware in sbrugna...
EUVD-2007-5202
Malware in sbrugna...
EUVD-2017-5704
Malware in sbrugna...
CVE-2017-14194
The out function in controllers/member/Login.php in dayrui FineCms 5.0.11 has XSS related to the Referer HTTP header with Internet Explorer...
CVE-2017-14195
The callmsg function in controllers/Form.php in dayrui FineCms 5.0.11 might have XSS related to the Referer HTTP header with Internet Explorer...
BIT-DOLIBARR-2020-7996
htdocs/user/passwordforgotten.php in Dolibarr 10.0.6 allows XSS via the Referer HTTP header...
CVE-2024-56517 LGSL has a reflected XSS at /lgsl_files/lgsl_list.php
LGSL Live Game Server List provides online status lists for online video games. Versions up to and including 6.2.1 contain a reflected cross-site scripting vulnerability in the Referer HTTP header. The vulnerability allows attackers to inject arbitrary JavaScript code, which is reflected in the...
CVE-2023-52274
CVE-2023-52274 affects YzmCMS versions 6.5–7.0, where a cross-site scripting (XSS) vulnerability exists in member/index/register.html via the Referer HTTP header. The CNVD/NVD/OSV/CVE entries describe the root cause as insufficient filtering/escaping of user-supplied data in the Referer header, e...
Apache Wicket vulnerable to CSRF attacks
Apache Wicket 6.x before 6.25.0, 7.x before 7.5.0, and 8.0.0-M1 provide a CSRF prevention measure that fails to discover some cross origin requests. The mitigation is to not only check the Origin HTTP header, but also take the Referer HTTP header into account when no Origin was provided...
CVE-2020-7996
htdocs/user/passwordforgotten.php in Dolibarr 10.0.6 allows XSS via the Referer HTTP header...
Design/Logic Flaw
htdocs/user/passwordforgotten.php in Dolibarr 10.0.6 allows XSS via the Referer HTTP header...
Cross site request forgery (csrf)
Apache Wicket 6.x before 6.25.0, 7.x before 7.5.0, and 8.0.0-M1 provide a CSRF prevention measure that fails to discover some cross origin requests. The mitigation is to not only check the Origin HTTP header, but also take the Referer HTTP header into account when no Origin was provided...
Cross site scripting
The callmsg function in controllers/Form.php in dayrui FineCms 5.0.11 might have XSS related to the Referer HTTP header with Internet Explorer...
CVE-2017-14195
The callmsg function in controllers/Form.php in dayrui FineCms 5.0.11 might have XSS related to the Referer HTTP header with Internet Explorer...
CVE-2017-14195
The CVE-2017-14195 entry describes an XSS vulnerability in dayrui FineCms 5.0.11, specifically in the call_msg function of controllers/Form.php. The issue is triggered by the Referer HTTP header (noted for Internet Explorer) and is described across multiple sources as cross-site scripting, with p...
CVE-2017-14195
The callmsg function in controllers/Form.php in dayrui FineCms 5.0.11 might have XSS related to the Referer HTTP header with Internet Explorer...
CVE-2017-14193
The CVE-2017-14193 entry concerns dayrui FineCms 5.0.11, where the oauth function in controllers/member/api.php is vulnerable to cross-site scripting via the Referer HTTP header when accessed from Internet Explorer. This is the explicit vulnerable component and vector described in the connected d...
CVE-2017-14194
The CVE-2017-14194 entry concerns dayrui FineCms version 5.0.11, where the out function in controllers/member/Login.php is reported to have an XSS vulnerability related to the Referer HTTP header in Internet Explorer. Multiple connected records (NVD, Red Hat, CNVD, CVE list mirrors, and regional ...