801 matches found
PT-2020-20431 · Dolibarr · Dolibarr
Name of the Vulnerable Software and Affected Versions: Dolibarr version 11.0 Description: The issue allows for XSS attacks through the joinfiles, topic, or code parameter, or the HTTP Referer header. Recommendations: For Dolibarr version 11.0, consider restricting access to the vulnerable...
CVE-2019-20060
MFScripts YetiShare v3.5.2 through v4.5.4 places sensitive information in the Referer header. If this leaks, then third parties may discover password-reset hashes, file-delete links, or other sensitive information...
CVE-2019-4562
IBM Security Directory Server 6.4.0 stores sensitive information in URLs. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history. IBM X-Force ID: 166623...
Information disclosure
IBM Security Directory Server 6.4.0 stores sensitive information in URLs. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history. IBM X-Force ID: 166623...
Rockstar Games: Image Injection vulnerability in www.rockstargames.com/IV/screens/1280x720Image.html
In this report, the researcher demonstrated a method to chain together separate vulnerabilities that, under certain conditions, could cause a user's Facebook OAuth tokens to leak via the Referer header. The specific vulnerability that was addressed in this report was the image injection component...
UBUNTU-CVE-2020-7996
htdocs/user/passwordforgotten.php in Dolibarr 10.0.6 allows XSS via the Referer HTTP header...
PT-2020-19907 · Dolibarr · Dolibarr
Name of the Vulnerable Software and Affected Versions: Dolibarr version 10.0.6 Description: The issue allows for XSS via the Referer HTTP header in the htdocs/user/passwordforgotten.php file. Recommendations: For Dolibarr version 10.0.6, consider disabling access to the...
CVE-2019-5990
Access analysis CGI An-Analyzer released in 2019 June 24 and earlier allows remote attackers to obtain a login password via HTTP referer...
CVE-2018-10727
Reflected Cross-Site Scripting (XSS) vulnerability in the fabrikreferrer hidden field in the Fabrikar Fabrik component through v3.8.1 for Joomla! allows remote attackers to inject arbitrary web script via the HTTP Referer header...
Cross site scripting
Reflected Cross-Site Scripting (XSS) vulnerability in the fabrikreferrer hidden field in the Fabrikar Fabrik component through v3.8.1 for Joomla! allows remote attackers to inject arbitrary web script via the HTTP Referer header...
CVE-2015-9472
The incoming-links plugin before 0.9.10b for WordPress has referrers.php XSS via the Referer HTTP header...
CVE-2012-6715
The formbuilder plugin before 0.9.1 for WordPress has XSS via a Referer header...
Default credentials
The formbuilder plugin before 0.9.1 for WordPress has XSS via a Referer header...
CVE-2015-9314
The newstatpress plugin before 1.0.4 for WordPress has XSS related to the Referer header...