Lucene search

Contact Forms Security Vulnerabilities

cve

CVE-2012-2071

Cross-site scripting (XSS) vulnerability in the Contact Forms module 6.x-1.x before 6.x-1.13 for Drupal when the core contact form is enabled, allows remote authenticated users with the administer site-wide contact form permission to inject arbitrary web script or HTML via unspecified vectors.

5.3AI Score

0.001EPSS

2012-08-14 11:55 PM

cve

CVE-2012-2340

The Contact Forms module 7.x-1.x before 7.x-1.2 for Drupal does not specify sufficiently restrictive permissions, which allows remote authenticated users with the "access the site-wide contact form" permission to modify the module settings via unspecified vectors.

6.3AI Score

0.002EPSS

2012-05-21 08:55 PM

cve

CVE-2021-24744

The WordPress Contact Forms by Cimatti WordPress plugin before 1.4.12 does not sanitise and escape the Form Title before outputting it in some admin pages. which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.

4.8CVSS

4.8AI Score

0.001EPSS

2021-10-25 02:15 PM

cve

CVE-2023-2563

The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.7. This is due to missing or incorrect nonce validation on the function _accua_forms_form_edit_action. This makes it possible for unauthenticated attackers t...

4.3CVSS

4.6AI Score

0.001EPSS

2023-06-13 02:15 AM