Lucene search

18 matches found

RedhatCVE
added 2025/05/23 3:16 a.m., 3 views

CVE-2023-22985

Sourcecodester Simple Guestbook Management System version 1 is vulnerable to Cross Site Scripting (XSS) via Name, Referrer, Location, and Comments...

CVSS 6.1, AI score 6.2, EPSS 0.00357
Exploits: 0, References: 1
OSV
added 2023/04/06 3:15 p.m., 3 views

CVE-2023-22985

Sourcecodester Simple Guestbook Management System version 1 is vulnerable to Cross Site Scripting (XSS) via Name, Referrer, Location, and Comments...

CVSS 6.1, AI score 6.4, EPSS 0.00357
Exploits: 0, References: 2
Vulnrichment
added 2023/04/06 12:0 a.m., 7 views

CVE-2023-22985

Sourcecodester Simple Guestbook Management System version 1 is vulnerable to Cross Site Scripting (XSS) via Name, Referrer, Location, and Comments...

AI score 6, EPSS 0.00357
Exploits: 0, References: 2
OSV
added 2023/02/25 1:15 a.m., 6 views

DEBIAN-CVE-2023-25825

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 are vulnerable to Cross-site Scripting. Log entries can be injected into the database logs, containing a malicious referrer field. This i...

CVSS 6.1, AI score 6.9, EPSS 0.0071
Exploits: 1, References: 1
Veracode
added 2022/08/02 3:12 p.m., 22 views

Regular Expression Denial Of Service (ReDoS)

Node-fetch is vulnerable to denial of service. The vulnerability lies in the referrer field in the fetch function, leading to inefficient Regular Expression Complexity. If an attacker is able to use a large character string in the referrer field, the program will either hang or crash...

CVSS 5.9, AI score 5.8, EPSS 0.01104
Exploits: 1, References: 4, Affected Software: 1
CNVD
added 2022/05/16 12:0 a.m., 30 views

JetBrains TeamCity Cross-Site Scripting Vulnerability (CNVD-2022-55670)

JetBrains TeamCity is a distributed build management and continuous integration tool from JetBrains Czech Republic. A cross-site scripting vulnerability exists in versions prior to JetBrains TeamCity 2022.04. The vulnerability stems from a lack of data validation filtering of user-supplied data a...

CVSS 6.1, AI score 2, EPSS 0.00432
Exploits: 0, References: 1
CNNVD
added 2022/05/12 12:0 a.m., 2 views

JetBrains TeamCity Cross-Site Scripting Vulnerability

JetBrains TeamCity is a distributed build management and continuous integration tool from JetBrains Czech Republic. A cross-site scripting vulnerability exists in versions prior to JetBrains TeamCity 2022.04. The vulnerability stems from a lack of data validation filtering of user-supplied data a...

CVSS 6.1, AI score 6.2, EPSS 0.00432
Exploits: 0, References: 2
Veracode
added 2021/05/05 3:32 a.m., 10 views

Cross-site Scripting (XSS)

forkcms/forkcms is vulnerable to cross-site scripting (XSS). The vulnerability exists due to the lack of sanitization in the referrer field, allowing malicious users to inject and execute arbitrary JavaScript...

AI score 4.2
Exploits: 0
NVD
added 2017/09/26 1:29 a.m., 18 views

CVE-2015-8707

Password reset tokens in Magento CE before 1.9.2.2, and Magento EE before 1.14.2.2 are passed via a GET request and not canceled after use, which allows remote attackers to obtain user passwords via a crafted external service with access to the referrer field...

CVSS 9.8, AI score 9.2, EPSS 0.0132
Exploits: 0, References: 1
Prion
added 2017/09/26 1:29 a.m., 14 views

Design/Logic Flaw

Password reset tokens in Magento CE before 1.9.2.2, and Magento EE before 1.14.2.2 are passed via a GET request and not canceled after use, which allows remote attackers to obtain user passwords via a crafted external service with access to the referrer field...

CVSS 5, AI score 7.1, EPSS 0.0132
Exploits: 0, References: 1, Affected Software: 1
exploitpack
added 2015/05/26 12:0 a.m., 10 views

WordPress Plugin Video Gallery 2.8 - Arbitrary Mail Relay

WordPress Plugin Video Gallery 2.8 - Arbitrary Mail Relay Exploit Title : Wordpress Video Gallery 2.8 Unprotected Mail Page Exploit Author : Claudio Viviani Website Author: http://www.homelab.it http://archive-exploit.homelab.it/1 Full HomelabIT Vulns Archive Vendor Homepage :...

AI score 0.6
Exploits: 0
Packet Storm
added 2015/05/22 12:0 a.m., 23 views

WordPress Video Gallery 2.8 Unprotected Mail Page

Exploit Title : Wordpress Video Gallery 2.8 Unprotected Mail Page Exploit Author : Claudio Viviani Website Author: http://www.homelab.it http://archive-exploit.homelab.it/1 Full HomelabIT Vulns Archive Vendor Homepage : http://www.apptha.com/category/extension/Wordpress/Video-Gallery Software...

AI score 0.8
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 38 views

CNC Technology BizDB 1.0 bizdb-search.cgi Remote Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1104/info BizDB is a web database integration product using Perl CGI scripts. One of the scripts, bizdb-search.cgi, passes a variable's contents to an unchecked open call and can therefore be made to execute commands at th...

AI score 7.1
Exploits: 0
Cvelist
added 2008/09/10 3:0 p.m., 23 views

CVE-2008-3966

Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via (1) a certain referrer field in usercp2.php, (2) a certain location field in inc/functionsonline.php, and certain (3) tsubject and (4) psubject fiel...

AI score 5.8, EPSS 0.0127
Exploits: 2, References: 6
OpenVAS
added 2005/11/03 12:0 a.m., 74 views

bizdb1-search.cgi located

BizDB is a web database integration product using Perl CGI scripts. One of the scripts, bizdb-search.cgi, passes a variable's contents to an unchecked open call and can therefore be made to execute commands at the privilege level of the webserver. The variable is dbname, and if passed a semicolon...

CVSS 10, AI score 0.4, EPSS 0.10625
Exploits: 1
OpenVAS
added 2005/11/03 12:0 a.m., 31 views

bizdb1-search.cgi located

One of the BizDB scripts, bizdb-search.cgi, passes a variable SPDX-FileCopyrightText: 2000 Roelof Temmingh Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 10, AI score 6.6, EPSS 0.10625
Exploits: 1, References: 2
NVD
added 2005/05/02 4:0 a.m., 15 views

CVE-2005-1108

The ijuntrustedurl function in JunkBuster 2.0.2-r2, with single-threaded mode enabled, allows remote attackers to overwrite the referrer field via a crafted HTTP request...

CVSS 5, AI score 6.3, EPSS 0.02041
Exploits: 0, References: 7
Exploit DB
added 2004/03/22 12:0 a.m., 30 views

PHP-Nuke MS-Analysis Module - HTTP Referrer Field SQL Injection

source: https://www.securityfocus.com/bid/9948/info Reportedly the MS-Analysis module is prone to a remote SQL injection vulnerability. This issue is due to a failure to properly sanitize user supplied HTTP header input before using it in an SQL query. As a result of this, a malicious user may...

AI score 7
Exploits: 0