1758 matches found

RedhatCVE
added 2026/03/26 3:07 p.m. | 2 views

CVE-2026-31819

Sylius is an Open Source eCommerce Framework on Symfony. CurrencySwitchController::switchAction, ImpersonateUserController::impersonateAction and StorageBasedLocaleSwitcher::handle use the HTTP Referer header directly when redirecting. The attack requires the victim to click a legitimate...

CVSS 6.9 | AI score 5.7 | EPSS 0.00172
Exploits 0 | References 1
Cvelist
added 2026/03/26 12:00 a.m. | 23 views

CVE-2026-29934

A reflected cross-site scripting (XSS) vulnerability in the /admin/menus component of Lightcms v2.0 allows attackers to execute arbitrary JavaScript in the context of the user's browser via modifying the referer value in the request header...

EPSS 0.00203
Exploits 1 | References 1
Vulnrichment
added 2026/03/26 12:00 a.m. | 2 views

CVE-2026-29934

A reflected cross-site scripting (XSS) vulnerability in the /admin/menus component of Lightcms v2.0 allows attackers to execute arbitrary JavaScript in the context of the user's browser via modifying the referer value in the request header...

AI score 5.8 | EPSS 0.00203
Exploits 1 | References 1
Positive Technologies
added 2026/03/26 12:00 a.m. | 4 views

PT-2026-28391

Name of the Vulnerable Software and Affected Versions: Lightcms version 2.0
Description: A reflected cross-site scripting (XSS) issue exists in the /admin/menus component. This allows attackers to execute arbitrary JavaScript within a user's browser by altering the referer value in the request header...

CVSS 6.1 | AI score 6 | EPSS 0.00203
Exploits 1 | References 3
ATTACKERKB
added 2026/03/26 12:00 a.m. | 2 views

CVE-2026-29934

A reflected cross-site scripting (XSS) vulnerability in the /admin/menus component of Lightcms v2.0 allows attackers to execute arbitrary JavaScript in the context of the user's browser via modifying the referer value in the request header...

AI score 5.8 | EPSS 0.00203
Exploits 1 | References 2
CNNVD
added 2026/03/26 12:00 a.m. | 10 views

Jianhua Sun LightCMS security vulnerability

Jianhua Sun LightCMS is an open-source application developed by Jianhua Sun. It provides a lightweight CMS system and can also be used as a general-purpose backend management framework. The Jianhua Sun LightCMS v2.0 version has a security vulnerability, which stems from a reflection-type XSS...

CVSS 6.1 | AI score 6 | EPSS 0.00203
Exploits 1 | References 1
CVE
added 2026/03/26 12:00 a.m. | 7 views

CVE-2026-29934

CVE-2026-29934 describes a reflected XSS in Lightcms v2.0, specifically the /admin/menus component. An attacker can inject arbitrary JavaScript by manipulating the Referer header in requests, causing the payload to execute in the user's browser context. Public notes across multiple feeds corrobor...

CVSS 6.1 | AI score 5.8 | EPSS 0.00203
Exploits 1 | References 1 | Affected Software 1
Github Security Blog
added 2026/03/23 9:48 p.m. | 8 views

H3 has an Open Redirect via Protocol-Relative Path in redirectBack() Referer Validation

Summary: The redirectBack utility in h3 validates that the Referer header shares the same origin as the request before using its pathname as the redirect Location. However, the pathname is not sanitized for protocol-relative paths starting with //. An attacker can craft a same-origin URL with a...

AI score 6
Exploits 0 | References 4 | Affected Software 1
OSV
added 2026/03/23 9:48 p.m. | 4 views

GHSA-FP4X-GGRF-WMC6 H3 has an Open Redirect via Protocol-Relative Path in redirectBack() Referer Validation

Summary: The redirectBack utility in h3 validates that the Referer header shares the same origin as the request before using its pathname as the redirect Location. However, the pathname is not sanitized for protocol-relative paths starting with //. An attacker can craft a same-origin URL with a...

CVSS 5.4 | AI score 6
Exploits 0 | References 4
EUVD
added 2026/03/19 3:31 p.m. | 4 views

EUVD-2026-13111

Devome GRR v4.5.0 was discovered to contain multiple authenticated SQL injection vulnerabilities in the include/session.inc.php file via the referer and user-agent...

AI score 5.8 | EPSS 0.00259
Exploits 0 | References 3
NVD
added 2026/03/19 3:16 p.m. | 5 views

CVE-2026-30711

Devome GRR v4.5.0 was discovered to contain multiple authenticated SQL injection vulnerabilities in the include/session.inc.php file via the referer and user-agent...

CVSS 8.8 | EPSS 0.00259
Exploits 0 | References 2
CNNVD
added 2026/03/19 12:00 a.m. | 13 views

Devome GRR security vulnerability

Devome GRR is a data collection and analysis platform for forensic analysis and incident response developed by the French company Devome. Version 4.5.0 of Devome GRR contains a security vulnerability. This vulnerability stems from insufficient validation of the referer and user-agent parameters i...

CVSS 8.8 | AI score 5.9 | EPSS 0.00259
Exploits 0 | References 2
Cvelist
added 2026/03/19 12:00 a.m. | 24 views

CVE-2026-30711

Devome GRR v4.5.0 was discovered to contain multiple authenticated SQL injection vulnerabilities in the include/session.inc.php file via the referer and user-agent...

EPSS 0.00259
Exploits 0 | References 2
CVE
added 2026/03/19 12:00 a.m. | 10 views

CVE-2026-30711

CVE-2026-30711 affects Devome GRR v4.5.0 and describes multiple authenticated SQL injection vulnerabilities in include/session.inc.php exploitable via the referer and user-agent. The NVD entry assigns CVSS v3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H with base score 8.8 (HIGH), indicating high impac...

CVSS 8.8 | AI score 5.8 | EPSS 0.00259
Exploits 0 | References 2
Positive Technologies
added 2026/03/19 12:00 a.m. | 5 views

PT-2026-26291

CVE-2026-30711 Devome GRR v4.5.0 was discovered to contain multiple authenticated SQL injection vulnerabilities in the include/session.inc.php file via the referer and user-agent. https://t.co/VA5JZrI5IV...

AI score 5.9 | EPSS 0.00259
Exploits 0 | References 5
ATTACKERKB
added 2026/03/19 12:00 a.m. | 5 views

CVE-2026-30711

Devome GRR v4.5.0 was discovered to contain multiple authenticated SQL injection vulnerabilities in the include/session.inc.php file via the referer and user-agent...

AI score 5.8 | EPSS 0.00259
Exploits 0 | References 3
Vulnrichment
added 2026/03/19 12:00 a.m. | 2 views

CVE-2026-30711

Devome GRR v4.5.0 was discovered to contain multiple authenticated SQL injection vulnerabilities in the include/session.inc.php file via the referer and user-agent...

AI score 5.9 | EPSS 0.00259
Exploits 0 | References 2
Github Security Blog
added 2026/03/13 8:02 p.m. | 23 views

Scrapy: Arbitrary Module Import via Referrer-Policy Header in RefererMiddleware

Impact: Since version 1.4.0, Scrapy respects the Referrer-Policy response header to decide whether and how to set a Referer header on follow-up requests. If the header value looked like a valid Python import path, Scrapy would import the referenced object and call it, assuming it referred to a...

AI score 5.8
Exploits 0 | References 3 | Affected Software 1
OSV
added 2026/03/13 8:02 p.m. | 1 view

GHSA-CWXJ-RR6W-M6W7 Scrapy: Arbitrary Module Import via Referrer-Policy Header in RefererMiddleware

Impact: Since version 1.4.0, Scrapy respects the Referrer-Policy response header to decide whether and how to set a Referer header on follow-up requests. If the header value looked like a valid Python import path, Scrapy would import the referenced object and call it, assuming it referred to a...

CVSS 7.5 | AI score 5.9
Exploits 0 | References 3
EUVD
added 2026/03/11 12:12 a.m. | 6 views

EUVD-2026-10911

Sylius has an Open Redirect via Referer Header...

CVSS 6.9 | AI score 5.8 | EPSS 0.00172
Exploits 0 | References 1