Cross site scripting

The admin web interface on Technicolor MediaAccess TG789vac v2 HP devices with firmware v16.3.7190-2761005-20161004084353 displays unsanitised user input, which allows an unauthenticated malicious user to embed JavaScript into the Log viewer interface via a crafted HTTP Referer header, aka XSS...

CVE-2018-18244

Cross-site scripting in syslog.html in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript code via an HTTP Referer Header...

Cross site scripting

Cross-site scripting in syslog.html in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript code via an HTTP Referer Header...

CVE-2018-18244

Cross-site scripting in syslog.html in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript code via an HTTP Referer Header...

CVE-2018-18244

The CVE-2018-18244 entry corresponds to a cross-site scripting vulnerability in VIVOTEK Network Camera Series. The affected component is the syslog.html page, exploitable on firmware versions 0x06x to 0x08x. An attacker can remotely inject and execute arbitrary JavaScript in the context of a user...

Information Disclosure

kibana is vulnerable to information disclosure. An improperly initialized kibana login screen causes user-entered credentials to be shown in the URL bar and allows untrusted parties to obtain the user's credentials via access logs or through the Referer header when the user browses to another...

CVE-2018-18655

Prayer through 1.3.5 sends a Referer header, containing a user's username, when a user clicks on a link in their email because header.t lacks a no-referrer setting...

DEBIAN-CVE-2018-18655

Prayer through 1.3.5 sends a Referer header, containing a user's username, when a user clicks on a link in their email because header.t lacks a no-referrer setting...

CVE-2018-18655

Prayer through 1.3.5 sends a Referer header, containing a user's username, when a user clicks on a link in their email because header.t lacks a no-referrer setting...

UBUNTU-CVE-2018-18655

Prayer through 1.3.5 sends a Referer header, containing a user's username, when a user clicks on a link in their email because header.t lacks a no-referrer setting...

CVE-2018-18655

Prayer through 1.3.5 sends a Referer header, containing a user's username, when a user clicks on a link in their email because header.t lacks a no-referrer setting...

CVE-2018-18655

CVE-2018-18655 affects Prayer through 1.3.5, a web mail server. The issue is caused by header.t lacking a no-referrer setting, causing a Referer header to leak a user’s username when the user clicks a link in an email. Connected sources confirm the same description across multiple advisories (Evi...

CVE-2018-18655

Prayer through 1.3.5 sends a Referer header, containing a user's username, when a user clicks on a link in their email because header.t lacks a no-referrer setting...

CVE-2015-9273

CVE-2015-9273 affects the WordPress plugin wp-slimstat (Slimstat Analytics) , with an XSS vulnerability exploitable via an HTTP Referer header or a related JavaScript Referer tracking field. Affected versions are prior to 4.1.6.1 . The issue is documented across multiple sources confirming a stor...

CVE-2018-15700

The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to a denial of service when an unauthenticated LAN user sends a crafted HTTP header containing an unexpected Referer field...

CVE-2018-17130

PHPMyWind 5.5 has XSS in member.php via an HTTP Referer header,...

Design/Logic Flaw

PHPMyWind 5.5 has XSS in member.php via an HTTP Referer header,...

CVE-2018-17130

PHPMyWind 5.5 has XSS in member.php via an HTTP Referer header,...

PHPMyWind Cross-Site Scripting Vulnerability (CNVD-2018-19539)

PHPMyWind is a set of PHP and MySQL-based and W3C-compliant enterprise website building solutions. A cross-site scripting vulnerability exists in PHPMyWind version 5.5. A remote attacker can exploit this vulnerability to obtain an administrator cookie and perform other actions with the help of th...

CVE-2018-14398

An issue was discovered in Creme CRM 1.6.12. The value of the cancel button uses the content of the HTTP Referer header, and could be used to trick a user into visiting a fake login page in order to steal credentials...