801 matches found
CVE-2014-8380
Cross-site scripting XSS vulnerability in Splunk 6.1.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer Header in a "404 Not Found" response. NOTE: this vulnerability might exist because of a CVE-2010-2429 regression...
CVE-2014-8380
Cross-site scripting XSS vulnerability in Splunk 6.1.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer Header in a "404 Not Found" response. NOTE: this vulnerability might exist because of a CVE-2010-2429 regression...
Cross site scripting
Cross-site scripting XSS vulnerability in Splunk 6.1.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer Header in a "404 Not Found" response. NOTE: this vulnerability might exist because of a CVE-2010-2429 regression...
CVE-2014-8380
The CVE-2014-8380 is an XSS vulnerability in Splunk 6.1.1 where the Referer header in a 404 response is not properly sanitized, enabling remote attackers to inject arbitrary script/HTML in the victim’s browser. Multiple connected sources (OpenVAS, Tenable, CVE listings) corroborate this as a Refe...
CVE-2014-8380
Cross-site scripting XSS vulnerability in Splunk 6.1.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer Header in a "404 Not Found" response. NOTE: this vulnerability might exist because of a CVE-2010-2429 regression...
CVE-2014-8301
Cross-site scripting XSS vulnerability in Splunk Web in Splunk Enterprise 5.0.x before 5.0.10 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header...
Cross site scripting
Cross-site scripting XSS vulnerability in Splunk Web in Splunk Enterprise 5.0.x before 5.0.10 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header...
Open redirect
Open redirect vulnerability in the redir function in includes/function.php in C97net Cart Engine before 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header to 1 index.php, 2 cart.php, 3 msg.php, or 4 page.php...
CVE-2014-8301
Cross-site scripting XSS vulnerability in Splunk Web in Splunk Enterprise 5.0.x before 5.0.10 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header...
IP.Board 3.4 cross-site scripting in Referer header
+-------------------------------------------------------------------- + + IP.Board 3.4 cross-site scripting in Referer header + +-------------------------------------------------------------------- + vendor site........: http://www.invisionpower.com + Affected Software .: IP.Board 3.4 + Class...
CVE-2014-8069
Multiple cross-site scripting XSS vulnerabilities in YOOtheme Pagekit CMS 0.8.7 allow remote attackers to inject arbitrary web script or HTML via the 1 HTTP Referer header to index.php/user or 2 PATHINFO to index.php...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in YOOtheme Pagekit CMS 0.8.7 allow remote attackers to inject arbitrary web script or HTML via the 1 HTTP Referer header to index.php/user or 2 PATHINFO to index.php...
CVE-2014-8069
Multiple cross-site scripting XSS vulnerabilities in YOOtheme Pagekit CMS 0.8.7 allow remote attackers to inject arbitrary web script or HTML via the 1 HTTP Referer header to index.php/user or 2 PATHINFO to index.php...
Nokia : Exploiting cross-site scripting in Referer header in Trade.online.nokia.com
Little Insight: The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in double quotation marks or referer page back link . The payload Referer: javascript:prompt1; was submitted in the Referer HTTP header. This input was store on page back link when user...
PT-2014-1985 · D Link · Dnr-326 +4
Name of the Vulnerable Software and Affected Versions: D-Link DNR-320L versions prior to 1.04b08 D-Link DNS-320LW versions prior to 1.04b08 D-Link DNR-322L versions prior to 2.10 build 03 D-Link DNR-326 versions prior to 2.10 build 03 D-Link DNS-327L versions prior to 1.04b01 Description: The iss...
CVE-2014-5108
Cross-site scripting XSS vulnerability in singlepages\downloadfile.php in concrete5 before 5.6.3 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to index.php/downloadfile...
CVE-2014-5106
Cross-site scripting XSS vulnerability in Invision Power IP.Board aka IPB or Power Board 3.4.x through 3.4.6 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to admin/install/index.php...
Cross site scripting
Cross-site scripting XSS vulnerability in Invision Power IP.Board aka IPB or Power Board 3.4.x through 3.4.6 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to admin/install/index.php...
Cross site scripting
Cross-site scripting XSS vulnerability in singlepages\downloadfile.php in concrete5 before 5.6.3 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to index.php/downloadfile...
CVE-2014-5106
The CVE-2014-5106 entry describes a cross-site scripting (XSS) vulnerability in Invision Power IP.Board (IPB) 3.4.x through 3.4.6. An attacker could inject arbitrary web script or HTML via the HTTP Referer header to admin/install/index.php. This applies to IPB 3.4.x–3.4.6; no exploitation details...