Description - Referer XSS in ExpressionEngine
A cross-site scripting (XSS) vulnerability was found in an ExpressionEngine script.
Vulnerable script: core.input.php
The variable $_SERVER['HTTP_REFERER'] isn't properly sanitized. An HTTP request can therefore be sent with a forged Referer value that contains arbitrary HTML or script code. This code will be executed when an administrator (or any user) opens Referrers Statistics.
The administrator's session is at risk.
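
The fix for this class of bug is to treat the Referer header as untrusted both when it is stored and when the statistics page renders it. The following is an added example, not ExpressionEngine's code or the vendor's patch; the function names `normalize_referer` and `render_referrer_row` and the sample values are hypothetical.

```php
<?php
// Added example; not ExpressionEngine code. Function names are hypothetical.

/**
 * Normalise a Referer header before it is stored.
 * Returns null when the value is not a plain http(s) URL.
 */
function normalize_referer(?string $raw, int $maxLen = 2048): ?string
{
    if ($raw === null || $raw === '' || strlen($raw) > $maxLen) {
        return null;
    }
    // Reject control characters (header splitting, log forging).
    if (preg_match('/[\x00-\x1F\x7F]/', $raw)) {
        return null;
    }
    $parts = parse_url($raw);
    if ($parts === false || empty($parts['host'])) {
        return null;
    }
    $scheme = strtolower($parts['scheme'] ?? '');
    if ($scheme !== 'http' && $scheme !== 'https') {
        return null;
    }
    return $raw;
}

/** Render one stored referrer as a table row, escaping for HTML output. */
function render_referrer_row(string $stored): string
{
    // Output encoding is the control that stops markup in the path or query.
    $safe = htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<tr><td>' . $safe . '</td></tr>';
}

// Constructed sample values, as they might arrive in $_SERVER['HTTP_REFERER'].
$samples = [
    'https://example.com/page?a=1&b=2',
    'https://example.com/"><script>alert(1)</script>',
    'javascript:alert(1)',
];

foreach ($samples as $raw) {
    $stored = normalize_referer($raw);
    echo $stored === null ? "(dropped)\n" : render_referrer_row($stored) . "\n";
}
```

The second sample is a syntactically valid URL and passes input validation, so it is the escaping in `render_referrer_row` that keeps it from being interpreted as markup in the statistics view.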


