CVE-2014-5108

Cross-site scripting XSS vulnerability in singlepages\downloadfile.php in concrete5 before 5.6.3 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to index.php/downloadfile...

CVE-2014-3894

Cross-site scripting XSS vulnerability in PHP Kobo Multifunctional MailForm Free 2014/1/28 and earlier allows remote attackers to inject arbitrary web script or HTML via an HTTP Referer header...

CVE-2014-3894

Cross-site scripting XSS vulnerability in PHP Kobo Multifunctional MailForm Free 2014/1/28 and earlier allows remote attackers to inject arbitrary web script or HTML via an HTTP Referer header...

Multifunctional MailForm Free vulnerable to cross-site scripting

Overview Multifunctional MailForm Free provided by PHP Kobo contains a cross-site scripting vulnerability. Multifunctional MailForm Free contains an issue in processing HTTP Referer headers, which may cause cross-site scripting. Impact By opening a specially crafted HTML document, an arbitrary...

CVE-2014-4687

Multiple cross-site scripting XSS vulnerabilities in pfSense before 2.1.4 allow remote attackers to inject arbitrary web script or HTML via 1 the starttime0 parameter to firewallschedule.php, 2 the rssfeed parameter to rss.widget.php, 3 the servicestatusfilter parameter to...

SuSE 6.3/6.4/7.0 sdb Arbitrary Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3208/info An input validation error exists in sdb, the SuSE Support Data Base. The problem exists in the sdbsearch.cgi script, which uses data directly from the 'Referer' header field from a HTTP request as a path when...

Deerfield VisNetic WebSite 3.5.13 .1 Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6369/info A vulnerability has been discovered in VisNetic Website when generating a 404 page for a non-existent resources. The issue is due to insufficient sanitization of the HTTP 'referer' header. It is possible to caus...

Splunk '/en-US/app/' Referer Header XSS

The version of Splunk hosted on the remote web server is affected by a cross-site scripting vulnerability due to a failure to properly sanitize user-supplied input to the 'Referer' HTTP header. An attacker can exploit this issue to inject arbitrary HTML and script code into a user's browser to be...

Allegro RomPager < 4.51 HTTP Referer Header XSS Vulnerability

Allegro RomPager is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2013-6786

Cross-site scripting XSS vulnerability in Allegro RomPager before 4.51, as used on the ZyXEL P660HW-D1, Huawei MT882, Sitecom WL-174, TP-LINK TD-8816, and D-Link DSL-2640R and DSL-2641R, when the "forbidden author header" protection mechanism is bypassed, allows remote attackers to inject arbitra...

CVE-2013-6786

CVE-2013-6786 is an XSS vulnerability in Allegro RomPager prior to 4.51 used on ZyXEL P660HW-D1, Huawei MT882, Sitecom WL-174, TP-LINK TD-8816, and D‑Link DSL-2640R/2641R. The flaw arises when the forbidden author header protection is bypassed, allowing remote attackers to inject arbitrary web sc...

PT-2014-3201 · D Link +5 · D-Link Dsl-2641R +6

Name of the Vulnerable Software and Affected Versions: Allegro RomPager versions prior to 4.51 ZyXEL P660HW-D1 affected versions not specified Huawei MT882 affected versions not specified Sitecom WL-174 affected versions not specified TP-LINK TD-8816 affected versions not specified D-Link DSL-264...

FlashCanvas 1.5 proxy.php XSS Vulnerability

Advisory Information Title: FlashCanvas proxy.php XSS Vulnerability Date published: 11 December 2013 Reference: CVE-2013-6880 Advisory Summary Script does not adequately verify the Referer header before requesting via curl the remote URL specified in the ‘url’ GET parameter and rendering it. Vend...

CVE-2013-7277

Multiple cross-site scripting XSS vulnerabilities in Andy's PHP Knowledgebase Aphpkb before 0.95.8 allow remote attackers to inject arbitrary web script or HTML via the 1 HTTP Referer header to saa.php, 2 username parameter to login.php, or 3 keywordlist parameter to keysearch.php...

RomPager HTTP Referer Header XSS

The remote RomPager HTTP server is affected by a cross-site scripting vulnerability. The server does not properly sanitize the referer header value when generating a 404 error page. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...

Google Chrome 25.0.1364.152 HTTP Referer Header Faking

Advisory: XMLHttpRequest HTTP Referer Header Faking Author: Liad Mizrachi Vendor URL: http://www.chromium.org/ Vulnerability Status: Fixed Application Version: Google Chrome v25.0.1364.152 ========================== Vulnerability Description ========================== Chromium is the open source...

CVE-2013-3499

GroundWork Monitor Enterprise 6.7.0 performs authentication on the basis of the HTTP Referer header, which allows remote attackers to obtain administrative privileges or access files via a crafted header...

CVE-2013-0709

Cross-site scripting XSS vulnerability in dopvSTAR 0091 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header, which is not properly handled during display of the access log...

CVE-2013-0708

Cross-site scripting XSS vulnerability in dopvCOMET 0009b allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header, which is not properly handled during display of the access log...

Cross site scripting

Cross-site scripting XSS vulnerability in dopvCOMET 0009b allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header, which is not properly handled during display of the access log...