26 matches found

OSV
added 2026/06/17 8:17 p.m. | 5 views

DEBIAN-CVE-2026-55202

Tinyproxy through 1.11.3, fixed in commit 09312a1, fails to properly validate the Host header during stathost detection, allowing unauthenticated attackers to access the stats page by injecting a matching Host header or bypass detection via port manipulation. Remote attackers can trigger...

CVSS 8.8 | AI score 5.4 | EPSS 0.00335
Exploits: 0 | References: 1
NVD
added 2026/06/17 8:17 p.m. | 7 views

CVE-2026-55202

Tinyproxy through 1.11.3, fixed in commit 09312a1, fails to properly validate the Host header during stathost detection, allowing unauthenticated attackers to access the stats page by injecting a matching Host header or bypass detection via port manipulation. Remote attackers can trigger...

CVSS 8.8 | EPSS 0.00335
Exploits: 0 | References: 3
Cvelist
added 2026/06/17 7:13 p.m. | 19 views

CVE-2026-55202 Tinyproxy - Stathost Detection Bypass via Host Header Manipulation

Tinyproxy through 1.11.3, fixed in commit 09312a1, fails to properly validate the Host header during stathost detection, allowing unauthenticated attackers to access the stats page by injecting a matching Host header or bypass detection via port manipulation. Remote attackers can trigger...

CVSS 8.8 | EPSS 0.00335
Exploits: 0 | References: 3
Positive Technologies
added 2026/06/17 12:0 a.m. | 13 views

PT-2026-50530

Name of the Vulnerable Software and Affected Versions: Tinyproxy versions prior to 1.11.3 commit 09312a1. Description: Improper validation of the Host header during stathost detection allows unauthenticated attackers to access the statistics page by injecting a matching Host header or bypassing...

CVSS 8.8 | AI score 5.9 | EPSS 0.00335
Exploits: 0 | References: 11
RedhatCVE
added 2026/01/09 10:34 a.m. | 6 views

CVE-2017-18288

An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET game parameter...

CVSS 9.8 | AI score 8.1 | EPSS 0.0104
Exploits: 1 | References: 1
EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2013-4464

Malware in sbrugna...

CVSS 4.3 | AI score 6.4 | EPSS 0.01214
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 7 views

EUVD-2010-4503

Malware in sbrugna...

CVSS 6.8 | AI score 6.4 | EPSS 0.01175
Exploits: 0 | References: 4
EUVD
added 2025/10/07 12:30 a.m. | 11 views

EUVD-2014-8848

Malware in sbrugna...

CVSS 4.3 | AI score 6.2 | EPSS 0.02084
Exploits: 3 | References: 9
CNNVD
added 2025/05/24 12:0 a.m. | 1 views

WordPress plugin 4stats cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 6.1 | AI score 6 | EPSS 0.00255
Exploits: 0 | References: 4
RedhatCVE
added 2025/05/22 12:28 p.m. | 10 views

CVE-2010-4537

Unspecified vulnerability in CrawlTrack before 3.2.7, when a public stats page is provided, allows remote attackers to execute arbitrary PHP code via unknown vectors...

CVSS 6.8 | AI score 7.9 | EPSS 0.01175
Exploits: 0 | References: 1
OSV
added 2022/05/17 4:17 a.m. | 2 views

GHSA-WGW2-GW4V-9W4J Improper Neutralization of Input During Web Page Generation in Apache Solr

Cross-site scripting (XSS) vulnerability in the Admin UI Plugin / Stats page in Apache Solr 4.x before 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the fieldvaluecache object...

CVSS 4.3 | AI score 6 | EPSS 0.04702
Exploits: 0 | References: 2
Github Security Blog
added 2022/05/17 4:17 a.m. | 25 views

Improper Neutralization of Input During Web Page Generation in Apache Solr

Cross-site scripting (XSS) vulnerability in the Admin UI Plugin / Stats page in Apache Solr 4.x before 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the fieldvaluecache object...

CVSS 4.3 | AI score 5.6 | EPSS 0.04702
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2021/11/29 7:15 p.m. | 5 views

CVE-2021-42364

The Stetic WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the statspage function found in the /stetic.php file, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 1.0.6...

CVSS 8.8 | AI score 5.8 | EPSS 0.00605
Exploits: 0 | References: 2
CNVD
added 2018/06/14 12:0 a.m. | 4 views

PvPGN Stats ladder/stats.php file SQL injection vulnerability (CNVD-2018-11468)

PvPGN Stats is a PHP-based tool that supports the integration of websites with the PvPGN game server, displaying server status, ladder pages, and more. A SQL injection vulnerability exists in the ladder/stats.php file in PvPGN Stats version 2.4.6, which stems from the program failing to filter...

CVSS 9.8 | AI score 8.2 | EPSS 0.0104
Exploits: 1 | References: 1
Openbugbounty
added 2017/05/03 9:9 p.m. | 10 views

itf.phone-rencontre.com XSS vulnerability

Open Bug Bounty ID: OBB-231145. Affected Website: itf.phone-rencontre.com. Vulnerable Application: Custom Code. Vulnerability Type: XSS (Cross Site Scripting) / CWE-79. CVSSv3 Score: 6.1...

AI score 6.3
Exploits: 0
Prion
added 2017/03/28 2:59 a.m. | 15 views

Cross site scripting

Revive Adserver before 3.2.3 suffers from Reflected XSS. www/admin/stats.php is vulnerable to reflected XSS attacks via multiple parameters that are not properly sanitised or escaped when displayed, such as setPerPage, pageId, bannerid, periodstart, periodend, and possibly others...

CVSS 3.5 | AI score 6.2 | EPSS 0.0152
Exploits: 0 | References: 4 | Affected Software: 1
Openbugbounty
added 2017/01/27 11:31 p.m. | 13 views

old.post-gazette.com XSS vulnerability

Vulnerable URL: http://old.post-gazette.com/highschoolsports/stats/teamrecord.asp?teamtypeid=3=462BE555-D7F9-11D5-A78D-003048215596"--!"=18' Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculate...

AI score 6.3
Exploits: 0
Openbugbounty
added 2016/03/28 11:45 a.m. | 11 views

espn.com.ar XSS vulnerability

Vulnerable URL: http://www.espn.com.ar/mlb/deportes/stats/fielding?order=true%22%3E%3Ch1/onmouseover=%27alert%28/XSSPOSED/%29%27%3EYVTALE Details: Description| Value ---|--- Patched:| Yes, at 27.07.2017 Latest check for patch:| 27.07.2017 08:04 GMT Vulnerability type:| XSS Vulnerability status:|...

AI score 6.3
Exploits: 0
Debian CVE
added 2016/02/15 2:0 a.m. | 19 views

CVE-2015-8797

Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/plugins.js in the stats page in the Admin UI in Apache Solr before 5.3.1 allows remote attackers to inject arbitrary web script or HTML via the entry parameter to a plugins/cache URI...

CVSS 6.1 | AI score 5.7 | EPSS 0.03313
Exploits: 0
NVD
added 2014/11/20 5:50 p.m. | 30 views

CVE-2014-9021

Multiple cross-site scripting (XSS) vulnerabilities in ZTE ZXDSL 831 allow remote attackers to inject arbitrary web script or HTML via the (1) tr69cAcsURL, (2) tr69cAcsUser, (3) tr69cAcsPwd, (4) tr69cConnReqPwd, or (5) tr69cDebugEnable parameter to the TR-069 client page (tr69cfg.cgi); the (6) timezone parameter...

CVSS 4.3 | AI score 5.7 | EPSS 0.01854
Exploits: 2 | References: 4