CVE-2006-3328
CVE-2006-3328 affects Hostflow 2.2.1-15. The issue is triggered by an IMG tag in the desc parameter (Ticket Description) that can capture referer URLs, enabling retrieval or replay of authentication credentials via potential XSS or credential leakage in referer headers. NVD lists a base score of ...