Description

A Host Header Injection vulnerability in qdPM 9.1 may allow an attacker to spoof a particular header and redirect users to malicious websites.

Remediation

References

CVE-2020-11814

Related Vulnerabilities

Piwigo Improper Access Control Vulnerability (CVE-2016-10514)

Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-1047)

WordPress Plugin Pressbooks Cross-Site Scripting (2.4.2)

Drupal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-6212)

WordPress Plugin Auto Post to Social Media-WordPress to Buffer Cross-Site Scripting (3.7.4)

Severity

Medium

Classification

CVE-2020-11814 CWE-138 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities