360 matches found
CVE-2022-41139
CVE-2022-41139 affects MITRE CALDERA (version 4.1.0). The vulnerability is a stored XSS via the app.contact.gist field (gist contact configuration), which can lead to execution of arbitrary commands on agents. Public references consistently describe this as a stored XSS issue in CALDERA 4.1.0. Th...
CVE-2022-41139
MITRE CALDERA 4.1.0 allows stored XSS via app.contact.gist aka the gist contact configuration field, leading to execution of arbitrary commands on agents...
CVE-2022-40605
CVE-2022-40605 (MITRE CALDERA) affects MITRE CALDERA before 4.1.0, with an XSS exposure in the Operations tab and/or Debrief plugin triggered by a crafted operation name. The description indicates a separate vulnerability from CVE-2022-40606. The connected sources reiterate the same issue and not...
WordPress plugin Caldera Forms cross-site scripting vulnerability
WordPress is a blogging platform developed using the PHP language. cross-site scripting vulnerability exists in versions prior to WordPress plugin Caldera Forms 1.9.7. The vulnerability stems from the plugin's failure to validate and escape cf-api parameters before outputting them back to the...
CVE-2022-0879
The Caldera Forms WordPress plugin before 1.9.7 does not validate and escape the cf-api parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting...
CVE-2022-0879
The Caldera Forms WordPress plugin before 1.9.7 does not validate and escape the cf-api parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting...
CVE-2022-0879
The Caldera Forms WordPress plugin before 1.9.7 does not validate and escape the cf-api parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting...
Cross site scripting
The Caldera Forms WordPress plugin before 1.9.7 does not validate and escape the cf-api parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting...
CVE-2022-0879 Caldera Forms < 1.9.7 - Reflected Cross-Site Scripting
The Caldera Forms WordPress plugin before 1.9.7 does not validate and escape the cf-api parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting...
CVE-2022-0879
The CVE-2022-0879 entry concerns the Caldera Forms WordPress plugin prior to version 1.9.7. The vulnerability is a Reflected Cross-Site Scripting (XSS) caused by the plugin not validating and escaping the cf-api parameter before echoing it in responses. Affected component: cf-api handling in Cald...
WordPress plugin Caldera Forms跨站脚本漏洞
WordPress is a blogging platform developed using the PHP language. cross-site scripting vulnerability exists in versions prior to WordPress plugin Caldera Forms 1.9.7. The vulnerability stems from the plugin's failure to validate and escape cf-api parameters before outputting them back to the...
PT-2022-13496
Name of the Vulnerable Software and Affected Versions Caldera Forms WordPress plugin versions prior to 1.9.7 Description The issue concerns a Reflected Cross-Site Scripting problem. It arises because the cf-api parameter is not properly validated and escaped before being output in the response...
Caldera Forms < 1.9.7 - Reflected Cross-Site Scripting
The plugin does not validate and escape the cf-api parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting The issue is only exploitable when there are no forms created yet...
WordPress Caldera Forms plugin <= 1.9.6 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by Krzysztof Zając in WordPress Caldera Forms plugin versions = 1.9.6. Solution Update the WordPress Caldera Forms plugin to the latest available version at least 1.9.7...
Caldera Forms < 1.9.7 - Reflected Cross-Site Scripting
The plugin does not validate and escape the cf-api parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting PoC The issue is only exploitable when there are no forms created yet...
MITRE Caldera Command Injection (CVE-2021-42561)
A command injection vulnerability exists in MITRE Caldera Human plugin. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Caldera Arbitrary Code Execution Vulnerability
Caldera is a suite of software from the French company Caldera that provides color management, imaging and processing solutions for printer devices. An arbitrary code execution vulnerability exists in Caldera version 2.8.1. The vulnerability stems from the Human plugin passing an unfiltered name...
Caldera Command Injection Vulnerability
A command injection vulnerability exists in Caldera 2.8.1 and earlier, which stems from multiple startup "requirements" that execute commands when starting a server that commands can be changed via the REST API. An authenticated attacker could use this vulnerability to insert arbitrary commands a...
Caldera Cross-Site Scripting Vulnerability (CNVD-2022-08169)
A cross-site scripting vulnerability exists in version 2.8.1 of Caldera, a suite of software from the French company Caldera that provides color management, imaging and processing solutions for printer devices, which stems from a lack of effective filtering and escaping of user-submitted paramete...
Caldera Access Control Error Vulnerability (CNVD-2022-08044)
Caldera is a suite of software from Caldera France that provides color management, imaging and processing solutions for printer devices. Caldera suffers from an Access Control Error vulnerability in version 2.8.1 and earlier, which stems from the software's failure to properly segregate user...