
810 matches found

OSV
added 2017/09/07 5:29 p.m., 3 views

CVE-2017-14194

The out function in controllers/member/Login.php in dayrui FineCms 5.0.11 has XSS related to the Referer HTTP header with Internet Explorer...

6.1 CVSS, 5.8 AI score, 0.00635 EPSS
Exploits: 0, References: 1
OSV
added 2017/09/07 5:29 p.m., 5 views

CVE-2017-14195

The callmsg function in controllers/Form.php in dayrui FineCms 5.0.11 might have XSS related to the Referer HTTP header with Internet Explorer...

6.1 CVSS, 5.8 AI score, 0.00635 EPSS
Exploits: 0, References: 1
Cvelist
added 2017/09/07 5:0 p.m., 23 views

CVE-2017-14194

The out function in controllers/member/Login.php in dayrui FineCms 5.0.11 has XSS related to the Referer HTTP header with Internet Explorer...

6 AI score, 0.00635 EPSS
Exploits: 0, References: 1
Prion
added 2017/08/07 5:29 p.m., 14 views

Cross site request forgery (csrf)

Cross Site Request Forgery (CSRF) exists in the Blacklist and Whitelist IP Wizard in init.php in the Loginizer plugin before 1.3.6 for WordPress because the HTTP Referer header is not checked...

6.8 CVSS, 8.8 AI score, 0.00714 EPSS
Exploits: 1, References: 3, Affected Software: 1
OSV
added 2017/08/07 5:29 p.m., 3 views

CVE-2017-12651

Cross Site Request Forgery (CSRF) exists in the Blacklist and Whitelist IP Wizard in init.php in the Loginizer plugin before 1.3.6 for WordPress because the HTTP Referer header is not checked...

8.8 CVSS, 5.8 AI score
Exploits: 0, References: 3
CVE
added 2017/08/07 5:0 p.m., 54 views

CVE-2017-12651

CVE-2017-12651 affects the WordPress Loginizer plugin (versions prior to 1.3.6). The vulnerability is a Cross-Site Request Forgery (CSRF) in the Blacklist and Whitelist IP Wizard (init.php) due to the HTTP Referer header not being checked. This can allow an attacker to manipulate IP blacklist/whi...

8.8 CVSS, 8.8 AI score, 0.00714 EPSS
Exploits: 1, References: 3, Affected Software: 1
Cvelist
added 2017/08/07 5:0 p.m., 30 views

CVE-2017-12651

Cross Site Request Forgery (CSRF) exists in the Blacklist and Whitelist IP Wizard in init.php in the Loginizer plugin before 1.3.6 for WordPress because the HTTP Referer header is not checked...

9.3 AI score, 0.00714 EPSS
Exploits: 1, References: 3
CNVD
added 2017/08/02 12:0 a.m., 2 views

Cacti cross-site scripting vulnerability (CNVD-2017-26582)

Cacti is a set of open source network traffic monitoring and analysis tools from the Cacti team. The tool retrieves data via snmpget, uses RRDtool to draw graphs for analysis, and provides data and user management features. A cross-site scripting vulnerability exists in the...

5.4 CVSS, 6.8 AI score, 0.01417 EPSS
Exploits: 0, References: 1
OSV
added 2017/08/01 5:29 a.m., 2 views

UBUNTU-CVE-2017-12066

Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti before 1.1.16 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancelurl variable. NOTE: this vulnerability exists because of an incomplete fi...

5.4 CVSS, 6.9 AI score, 0.01417 EPSS
Exploits: 0, References: 4
CNVD
added 2017/07/28 12:0 a.m., 2 views

Cacti cross-site scripting vulnerability (CNVD-2017-26314)

Cacti is a set of open source network traffic monitoring and analysis tools from the Cacti team. The tool retrieves data via snmpget, uses RRDtool to draw graphs for analysis, and provides data and user management features. A cross-site scripting vulnerability exists in the authprofile.php...

6.1 CVSS, 6 AI score, 0.01993 EPSS
Exploits: 2, References: 1
OSV
added 2017/07/27 6:29 a.m., 1 views

UBUNTU-CVE-2017-11691

Cross-site scripting (XSS) vulnerability in authprofile.php in Cacti 1.1.13 allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers...

5.4 CVSS, 6.8 AI score, 0.01993 EPSS
Exploits: 1, References: 4
OSV
added 2017/07/27 6:29 a.m., 1 views

DEBIAN-CVE-2017-11691

Cross-site scripting (XSS) vulnerability in authprofile.php in Cacti 1.1.13 allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers...

5.4 CVSS, 6 AI score, 0.01993 EPSS
Exploits: 1, References: 1
Veracode
added 2017/07/27 1:17 a.m., 14 views

Open Redirects

Moodle is vulnerable to open redirects. Attackers can perform phishing attacks and other open redirects through an error page which contains links to a URL from the HTTP Referer header...

5.8 CVSS, 7.2 AI score, 0.01893 EPSS
Exploits: 0, References: 6, Affected Software: 1
Hacker One
added 2017/07/26 6:2 a.m., 151 views

Legal Robot: [Cross-domain Referer leakage] Password reset token leakage via referer

A security researcher discovered that sensitive information, like password reset tokens, could still be leaked to analytics services like Google Analytics or via the Referer [sic] header. Even though tokens were immediately invalidated, we decided to re-engineer the process to eliminate any...

1.5 AI score
Exploits: 0
Hacker One
added 2017/07/22 1:27 p.m., 39 views

Legal Robot: Token leakage by referrer header & analytics

A security researcher discovered that sensitive information, like password reset tokens, could still be leaked to analytics services like Google Analytics or via the Referer [sic] header. Even though tokens were immediately invalidated, we decided to re-engineer the process to eliminate any...

2.3 AI score
Exploits: 0
CNVD
added 2017/07/11 12:0 a.m., 5 views

Cacti aggregate_graphs.php file cross-site scripting vulnerability

Cacti is a set of open source network traffic monitoring and analysis tools from the Cacti team. The tool retrieves data via snmpget, uses RRDtool to draw graphs for analysis, and provides data and user management features. A cross-site scripting vulnerability exists in the...

5.4 CVSS, 5.3 AI score, 0.01277 EPSS
Exploits: 1, References: 1
OSV
added 2017/07/10 6:29 p.m., 1 views

DEBIAN-CVE-2017-11163

Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti 1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancelurl variable...

5.4 CVSS, 5.4 AI score, 0.01277 EPSS
Exploits: 1, References: 1
CNVD
added 2017/06/29 12:0 a.m., 2 views

Hopesys Web Management System version 1.0 /include/func.common.php referer header injection vulnerability

The Hopesys website management system is an enterprise/government website management system built on LAMP. Version 1.0 has a Referer header injection vulnerability in /include/func.common.php. An attacker can use this vulnerability to obtain sensitive database...

7.2 AI score
Exploits: 0
CNVD
added 2017/06/16 12:0 a.m., 1 views

SQL Injection Vulnerability in HTTP_REFERER on the Home Page of Uc365 Website Classifieds Navigation System

The Uc365 website classification and navigation system is a cross-platform, open source website classification and catalog management system built on PHP and MySQL. There is a SQL injection vulnerability in the index.php file on the home page of the...

8.5 AI score
Exploits: 0
Tenable Nessus
added 2017/06/14 12:0 a.m., 30 views

Serendipity < 2.1.1 Multiple Vulnerabilities

According to its banner, the version of Serendipity running on the remote host is prior to 2.1.1. It is, therefore, affected by multiple vulnerabilities: - A stored cross-site scripting (XSS) vulnerability exists in the templates/2k11/admin/category.inc.tpl script due to improper validation of the...

9.8 CVSS, 7.3 AI score, 0.02883 EPSS
Exploits: 1, References: 10