Form Security Vulnerabilities
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to execute PHP code via the cntnt01fbrp_forma_form_template parameter in...
9.8CVSS
9.6AI Score
0.009EPSS
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via...
5.3CVSS
5.4AI Score
0.002EPSS
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via...
5.3CVSS
5.4AI Score
0.002EPSS
An issue was discovered in Fastspot BigTree bigtree-form-builder before 1.2. The vulnerability exists due to insufficient filtration of user-supplied data in multiple HTTP POST parameters passed to a "site/index.php/../../extensions/com.fastspot.form-builder/ajax/redraw-field.php" URL. An attacker....
6.1CVSS
6.4AI Score
0.001EPSS
6.1CVSS
5.9AI Score
0.004EPSS
Remote file download vulnerability in candidate-application-form v1.0 wordpress...
7.5CVSS
7.6AI Score
0.053EPSS
Cross-site scripting (XSS) vulnerability in Kobe Beauty php-contact-form before 2016-05-18 allows remote attackers to inject arbitrary web script or HTML via a crafted...
6.1CVSS
5.9AI Score
0.002EPSS
Directory traversal vulnerability in futomi MP Form Mail CGI Professional Edition 3.2.3 and earlier allows remote authenticated administrators to read arbitrary files via unspecified...
2.7CVSS
3.8AI Score
0.002EPSS
Cross-site scripting (XSS) vulnerability in the Inline Entity Form module 7.x-1.x before 7.x-1.6 for Drupal allows remote authenticated users with permission to create or edit fields to inject arbitrary web script or HTML via unspecified...
5.4AI Score
0.002EPSS
Cross-site request forgery (CSRF) vulnerability in the Encrypted Contact Form plugin before 1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the iframe_url parameter in an Update Page action in....
6.4AI Score
0.007EPSS
Cross-site request forgery (CSRF) vulnerability in the Contact Form Fields module before 6.x-2.3 for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete fields via unspecified...
7.3AI Score
0.002EPSS
futomi CGI Cafe MP Form Mail CGI eCommerce before 2.0.12 on Windows allows remote attackers to execute arbitrary Perl code via unspecified...
7.8AI Score
0.007EPSS
Cross-site request forgery (CSRF) vulnerability in the Contact Form DB (aka CFDB and contact-form-7-to-database-extension) plugin before 2.8.32 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete all plugin records via a request in the...
7.3AI Score
0.005EPSS
Cross-site scripting (XSS) vulnerability in the Contact Form DB (aka CFDB and contact-form-7-to-database-extension) plugin 2.8.26 for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit_time parameter in the CF7DBPluginSubmissions page to...
5.9AI Score
0.002EPSS
Multiple cross-site request forgery (CSRF) vulnerabilities in the Acobot Live Chat & Contact Form plugin 2.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings or (2) conduct cross-site scripting (XSS) attacks via the...
6.8AI Score
0.001EPSS
Topline Opportunity Form (aka XLS Opp form) before 2015-02-15 does not properly restrict access to database-connection strings, which allows attackers to read the cleartext version of sensitive credential and e-mail address information via unspecified...
6.2AI Score
0.001EPSS
Cross-site scripting (XSS) vulnerability in Simple Email Form 1.8.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the mod_simpleemailform_field2_1 parameter to...
5.7AI Score
0.002EPSS
Cross-site scripting (XSS) vulnerability in the Contact Form Clean and Simple (clean-and-simple-contact-form-by-meg-nicholas) plugin 4.4.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the cscf[name] parameter to...
6AI Score
0.002EPSS
Multiple cross-site scripting (XSS) vulnerabilities in the Contact Form DB (aka CFDB and contact-form-7-to-database-extension) plugin before 2.8.16 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) form or (2) enc parameter in the CF7DBPluginShortCodeBuilder...
5.8AI Score
0.005EPSS
Multiple cross-site scripting (XSS) vulnerabilities in includes/toAdmin.php in Contact Form 7 Integrations plugin 1.0 through 1.3.10 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) uE or (2) uC...
6AI Score
0.001EPSS
Rock Lobster Contact Form 7 before 3.7.2 allows remote attackers to bypass the CAPTCHA protection mechanism and submit arbitrary form data by omitting the _wpcf7_captcha_challenge_captcha-719...
7.1AI Score
0.004EPSS
Unrestricted file upload vulnerability in multi.php in Simple Dropbox Upload plugin before 1.8.8.1 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in...
8AI Score
0.102EPSS
Multiple cross-site scripting (XSS) vulnerabilities in the Magnolia Form module 1.x before 1.4.7 and 2.x before 2.0.2 for Magnolia CMS allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) fullname, or (3) email parameter to...
5.8AI Score
0.005EPSS
Open redirect vulnerability in Maag Form Captcha extension 2.0.0 and earlier for TYPO3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified...
6.9AI Score
0.003EPSS
Cross-site scripting (XSS) vulnerability in the Quickl Form component for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified...
5.8AI Score
0.002EPSS
Cross-site scripting (XSS) vulnerability in the A-Form PC and PC/Mobile before 3.1 plug-ins for Movable Type allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than...
5.8AI Score
0.004EPSS
The A-Form and A-Form bamboo before 1.3.6 and 2.x before 2.0.3, and A-Form PC and PC/Mobile before 3.1, plug-ins for Movable Type do not require administrative authentication, which allows remote authenticated users to modify data via unspecified...
6.3AI Score
0.004EPSS
PHP remote file inclusion vulnerability in contact/contact.php in Groone's Simple Contact Form allows remote attackers to execute arbitrary PHP code via a URL in the abspath...
7.8AI Score
0.012EPSS
Unspecified vulnerability in Hitachi EUR Form Client before 05-10 -/D 2010.11.15 and 05-10-CA (* 2) 2010.11.15; Hitachi EUR Form Service before 05-10 -/D 2010.11.15; and uCosminexus EUR Form Service before 07-60 -/D 2010.11.15 on Windows, before 05-10 -/D 2010.11.15 and 07-50 -/D 2010.11.15 on...
7.9AI Score
0.08EPSS
Directory traversal vulnerability in the JE Form Creator (com_jeformcr) component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter to index.php. NOTE: the original researcher states that the...
6.8AI Score
0.012EPSS
Directory traversal vulnerability in codelib/sys/common.inc.php in Phpkobo Free Real Estate Contact Form 1.09, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the LANG_CODE parameter. NOTE: some of these details are...
7.4AI Score
0.007EPSS
Xigla Software Absolute Form Processor .NET 4.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain...
7.4AI Score
0.019EPSS
Unspecified vulnerability in Futomi's CGI Cafe MP Form Mail CGI eCommerce 1.3.0 and earlier, and CGI Professional 3.2.2 and earlier, allows remote attackers to gain administrative privileges via unknown attack...
7.1AI Score
0.018EPSS
SQL injection vulnerability in search.asp in Xigla Absolute Form Processor XE 4.0 allows remote authenticated administrators to execute arbitrary SQL commands via the orderby...
8AI Score
0.001EPSS
Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute Form Processor XE 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) showfields, (2) text, and (3) submissions parameters to search.asp and the (4) name parameter to users.asp. NOTE: some of these...
5.8AI Score
0.003EPSS
Multiple buffer overflows in Adobe Form Designer 5.0 and Form Client 5.0 allow remote attackers to execute arbitrary code via unknown vectors in the (1) Adobe File Dialog Button (FileDlg.dll) and the (2) Adobe Copy to Server Object (SvrCopy.dll) ActiveX...
7.7AI Score
0.1EPSS
Multiple PHP remote file inclusion vulnerabilities in Form tools 1.5.0b allow remote attackers to execute arbitrary PHP code via a URL in the g_root_dir parameter to (1) admin_page_open.php and (2) client_page_open.php in...
7.7AI Score
0.027EPSS
CRLF injection vulnerability in contact.php in Moonware (aka Dale Mooney Gallery) allows remote attackers to add arbitrary mail headers via CRLF sequences in the subject parameter. NOTE: this can be leveraged for spam by adding To or Cc...
7.1AI Score
0.005EPSS
Cosminexus Manager in Cosminexus Application Server 06-50 and later might assign the wrong user's group permissions to logical J2EE server processes, which allows local users to gain...
6.5AI Score
0.0004EPSS
Cosminexus Manager in Cosminexus Application Server 07-00 and later might assign the wrong user's group permissions to logical user server processes, which allows local users to gain...
6.5AI Score
0.0004EPSS
Cross-site scripting (XSS) vulnerability in sample-forms/simple-contact-form-with-preview/simple-contact-form-with-preview.html in MitriDAT eMail Form Processor Pro allows remote attackers to inject arbitrary web script or HTML via the base_path parameter, possibly related to (1)...
5.9AI Score
0.006EPSS
The session failover function in Cosminexus Component Container in Cosminexus 6, 6.7, and 7 before 20070731, as used in multiple Hitachi products, can use session data for the wrong user under unspecified conditions, which might allow remote authenticated users to obtain sensitive information,...
6.5AI Score
0.003EPSS
Cross-site scripting (XSS) vulnerability in the preview form in Stephen Ostermiller Contact Form before 2.00.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that contain an...
5.7AI Score
0.005EPSS
Unrestricted file upload vulnerability in Link Request Contact Form 3.4 allows remote attackers to execute arbitrary PHP code by uploading a file with a .php extension and an image content type, as demonstrated by...
7.7AI Score
0.154EPSS
SQL injection vulnerability in index.php in the Phil-a-Form (com_philaform) 1.2.0.0 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the form_id...
8.4AI Score
0.004EPSS
Unspecified vulnerability in Hitachi Cosminexus Component Container 07-00 through 07-00-10, and 07-10 through 07-10-03, as used in uCosminexus Application Server Enterprise and Standard; uCosminexus Service Platform; uCosminexus Developer Standard and Professional; uCosminexus Service Architect;...
6.6AI Score
0.006EPSS
Multiple SQL injection vulnerabilities in BaalAsp forum allow remote attackers to execute arbitrary SQL commands via the (1) password parameter to (a) adminlogin.asp, the (2) name or (3) password parameter to (b) userlogin.asp, or the (3) search parameter to...
9.1AI Score
0.007EPSS
Cross-site scripting (XSS) vulnerability in addpost1.asp in BaalAsp forum allows remote attackers to inject arbitrary web script or HTML via the name parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party...
5.8AI Score
0.005EPSS
PHP remote file inclusion vulnerability in adminfoot.php in Comdev Form Designer 4.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. NOTE: the provenance of this information is unknown; the details are obtained...
7.6AI Score
0.011EPSS
CRLF injection vulnerability in form_mail Drupal Module before 1.8.2.2 allows remote attackers to inject e-mail headers, which facilitates sending spam messages, a different issue than...
6.9AI Score
0.026EPSS