801 matches found

RedhatCVE | added 2025/05/22 6:49 a.m. | 12 views

CVE-2017-14193

The oauth function in controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the Referer HTTP header with Internet Explorer...

CVSS 6.1 | AI score 6.1 | EPSS 0.00635
Exploits 0 | References 1
RedhatCVE | added 2025/05/22 5:41 a.m. | 2 views

CVE-2015-9273

The wp-slimstat (aka Slimstat Analytics) plugin before 4.1.6.1 for WordPress has XSS via an HTTP Referer header, or via a field associated with JavaScript-based Referer tracking...

CVSS 6.1 | AI score 6.1 | EPSS 0.0133
Exploits 0 | References 1
RedhatCVE | added 2025/05/22 5:23 a.m. | 3 views

CVE-2015-9314

The newstatpress plugin before 1.0.4 for WordPress has XSS related to the Referer header...

CVSS 6.1 | AI score 6.2 | EPSS 0.00923
Exploits 0 | References 1
RedhatCVE | added 2025/05/22 5:07 a.m. | 16 views

CVE-2014-8305

Open redirect vulnerability in the redir function in includes/function.php in C97net Cart Engine before 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header to (1) index.php, (2) cart.php, (3) msg.php, or (4) page.php...

CVSS 6.4 | AI score 7 | EPSS 0.04922
Exploits 2 | References 1
Cvelist | added 2025/05/13 3:29 p.m. | 16 views

CVE-2025-46721 nosurf vulnerable to CSRF due to non-functional same-origin request checks

nosurf is cross-site request forgery (CSRF) protection middleware for Go. A vulnerability in versions prior to 1.2.0 allows an attacker who controls content on the target site, or on a subdomain of the target site (either via XSS, or otherwise) to bypass CSRF checks and issue requests on user's behal...

CVSS 6 | EPSS 0.00203
Exploits 2 | References 5
OSV | added 2025/04/15 7:16 p.m. | 3 views

DEBIAN-CVE-2025-24358

gorilla/csrf provides Cross Site Request Forgery (CSRF) prevention middleware for Go web applications & services. Prior to 1.7.2, gorilla/csrf does not validate the Origin header against an allowlist. It executes its validation of the Referer header for cross-origin requests only when it believes...

CVSS 6 | AI score 5.1 | EPSS 0.00345
Exploits 0 | References 1
NVD | added 2025/04/15 7:16 p.m. | 13 views

CVE-2025-24358

gorilla/csrf provides Cross Site Request Forgery (CSRF) prevention middleware for Go web applications & services. Prior to 1.7.2, gorilla/csrf does not validate the Origin header against an allowlist. It executes its validation of the Referer header for cross-origin requests only when it believes...

CVSS 6 | EPSS 0.00345
Exploits 0 | References 3
OSV | added 2025/04/15 7:16 p.m. | 1 view

UBUNTU-CVE-2025-24358

gorilla/csrf provides Cross Site Request Forgery (CSRF) prevention middleware for Go web applications & services. Prior to 1.7.2, gorilla/csrf does not validate the Origin header against an allowlist. It executes its validation of the Referer header for cross-origin requests only when it believes...

CVSS 6 | AI score 5.8 | EPSS 0.00345
Exploits 0 | References 4
OSV | added 2025/04/03 2:04 p.m. | 1 view

BIT-DOLIBARR-2020-9016

Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header...

CVSS 5.4 | AI score 6.1 | EPSS 0.00851
Exploits 1 | References 2
BDU FSTEC | added 2025/04/01 12:00 a.m. | 2 views

The vulnerability of the 3DSecure (3DS2) protocol, related to the manipulation of inter-site requests, allows a perpetrator to carry out a CSRF attack.

The vulnerability of the 3DSecure (3DS2) protocol is related to the manipulation of inter-site requests. Exploiting this vulnerability allows a malicious actor to perform a CSRF attack by altering the HTTP headers Origin and Referer...

CVSS 10 | AI score 5.4
Exploits 1 | References 2 | Affected Software 1
BDU FSTEC | added 2025/03/04 12:00 a.m. | 1 view

The vulnerability of TP-Link TL-WR840N router's microprogramming software, related to deficiencies in authentication procedures, allows attackers to circumvent existing security restrictions.

The vulnerability of TP-Link TL-WR840N router's microprogramming software is related to deficiencies in authentication procedures. Exploiting this vulnerability allows a malicious actor to circumvent existing security restrictions by sending a specially crafted request with the Referer header set...

CVSS 10 | AI score 8
Exploits 0 | References 2
BDU FSTEC | added 2025/03/01 12:00 a.m. | 3 views

The vulnerability of TP-Link Archer C20 router's microprogramming software, related to deficiencies in authentication procedures, allows attackers to circumvent existing security restrictions.

The vulnerability of TP-Link Archer C20 router's microprogramming software is related to deficiencies in authentication procedures. Exploiting this vulnerability allows a malicious actor to circumvent existing security restrictions by adding the parameter "Referer: http://tplinkwifi.net" to the...

CVSS 10 | AI score 8 | EPSS 0.03211
Exploits 1 | References 2
RedhatCVE | added 2025/02/20 12:24 a.m. | 6 views

CVE-2024-57050

A vulnerability in the TP-Link WR840N v6 router with firmware version 0.9.1 4.16 and earlier permits unauthorized individuals to bypass the authentication of some interfaces under the /cgi directory. When adding Referer: http://tplinkwifi.net to the request, it will be recognized as passing th...

AI score 7.2
Exploits 0 | References 1
OSV | added 2025/02/18 3:15 p.m. | 2 views

CVE-2024-57049

A vulnerability in the TP-Link Archer C20 router with firmware version V6.6230412 and earlier permits unauthorized individuals to bypass the authentication of some interfaces under the /cgi directory. When adding Referer: http://tplinkwifi.net to the request, it will be recognized as passing...

CVSS 9.8 | AI score 5.8
Exploits 0 | References 1
ATTACKERKB | added 2025/02/18 3:15 p.m. | 4 views

CVE-2024-57049

A vulnerability in the TP-Link Archer C20 router with firmware version V6.6230412 and earlier permits unauthorized individuals to bypass the authentication of some interfaces under the /cgi directory. When adding Referer: http://tplinkwifi.net to the request, it will be recognized as passing...

CVSS 9.8 | AI score 8.5 | EPSS 0.03211
Exploits 1 | References 3
Positive Technologies | added 2025/02/18 12:00 a.m. | 4 views

PT-2025-6736

Name of the Vulnerable Software and Affected Versions: TP-Link Archer C20 router versions V6.6 230412 and earlier. Description: A vulnerability in the TP-Link Archer C20 router permits unauthorized individuals to bypass the authentication of some interfaces under the /CGI directory. By adding a...

CVSS 10 | AI score 5.5 | EPSS 0.03211
Exploits 1 | References 7
CNNVD | added 2025/02/18 12:00 a.m. | 3 views

TP-LINK Archer C20 security vulnerability

TP-LINK Archer C20 is a router from China's TP-LINK. A security vulnerability exists in TP-LINK Archer C20 version V6.6230412 and prior versions. An attacker exploiting this vulnerability could add Referer: http://tplinkwifi.net to a request to be recognized as authenticated...

CVSS 9.8 | AI score 8.7 | EPSS 0.03211
Exploits 1 | References 2
Snyk | added 2024/12/30 4:49 p.m. | 2 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Referer HTTP header due to improper sanitization. Details: Cross-site scripting (or XSS) is a code vulnerability that occurs when an attacker "injects" a malicious script into an otherwise trusted website...

CVSS 6.1 | AI score 5.3 | EPSS 0.00599
Exploits 0 | References 2
Cvelist | added 2024/12/30 4:36 p.m. | 34 views

CVE-2024-56517 LGSL has a reflected XSS at /lgsl_files/lgsl_list.php

LGSL (Live Game Server List) provides online status lists for online video games. Versions up to and including 6.2.1 contain a reflected cross-site scripting vulnerability in the Referer HTTP header. The vulnerability allows attackers to inject arbitrary JavaScript code, which is reflected in the...

CVSS 5.3 | EPSS 0.00599
Exploits 0 | References 3
Positive Technologies | added 2024/12/30 12:00 a.m. | 2 views

PT-2024-36827 · Lgsl · Lgsl

Name of the Vulnerable Software and Affected Versions: LGSL (Live Game Server List) versions up to and including 6.2.1. Description: The issue is related to a reflected cross-site scripting vulnerability in the Referer HTTP header. This vulnerability allows attackers to inject arbitrary JavaScript...

CVSS 5.3 | AI score 6.2 | EPSS 0.00599
Exploits 0 | References 10