810 matches found
CVE-2018-10727
Reflected Cross-Site Scripting (XSS) vulnerability in the fabrikreferrer hidden field in the Fabrikar Fabrik component through v3.8.1 for Joomla! allows remote attackers to inject arbitrary web script via the HTTP Referer header...
Cross site scripting
Reflected Cross-Site Scripting (XSS) vulnerability in the fabrikreferrer hidden field in the Fabrikar Fabrik component through v3.8.1 for Joomla! allows remote attackers to inject arbitrary web script via the HTTP Referer header...
CVE-2015-9472
The incoming-links plugin before 0.9.10b for WordPress has referrers.php XSS via the Referer HTTP header...
CVE-2012-6715
The formbuilder plugin before 0.9.1 for WordPress has XSS via a Referer header...
Default credentials
The formbuilder plugin before 0.9.1 for WordPress has XSS via a Referer header...
CVE-2015-9314
The newstatpress plugin before 1.0.4 for WordPress has XSS related to the Referer header...
Cross site request forgery (csrf)
The newstatpress plugin before 1.0.4 for WordPress has XSS related to the Referer header...
CVE-2015-9314
The CVE-2015-9314 entry concerns the WordPress plugin NewStatPress, affected versions prior to 1.0.4. The vulnerability is an XSS issue tied to the Referer header, impacting the plugin’s handling of HTTP Referer data. Several connected sources corroborate the same flaw (XSS related to Referer hea...
PT-2019-11768 · Jenkins · Jenkins Gitlab Authentication Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Gitlab Authentication Plugin version 1.4 and earlier Description: The issue allows attackers to redirect users to a URL outside Jenkins after a successful login, implementing an open redirect. This can be used by malicious sites to...
CVE-2019-6726
The WP Fastest Cache plugin through 0.8.9.0 for WordPress allows remote attackers to delete arbitrary files because wppostratingsclearfastestcache and rmfolderrecursively in wpFastestCache.php mishandle ../ in an HTTP Referer header...
Cross site scripting
EmpireCMS 7.5.0 has XSS via the HTTP Referer header to e/member/doaction.php...
CVE-2019-12362
EmpireCMS 7.5.0 has XSS via the HTTP Referer header to e/member/doaction.php...
CVE-2018-12300
Arbitrary Redirect in echo-server.html in Seagate NAS OS version 4.3.15.1 allows attackers to disclose information in the Referer header via the 'state' URL parameter...
Design/Logic Flaw
Arbitrary Redirect in echo-server.html in Seagate NAS OS version 4.3.15.1 allows attackers to disclose information in the Referer header via the 'state' URL parameter...