Lucene search
K

360 matches found

CVE
CVE
added 2022/10/17 12:0 a.m.50 views

CVE-2022-41139

CVE-2022-41139 affects MITRE CALDERA (version 4.1.0). The vulnerability is a stored XSS via the app.contact.gist field (gist contact configuration), which can lead to execution of arbitrary commands on agents. Public references consistently describe this as a stored XSS issue in CALDERA 4.1.0. Th...

5.4CVSS5.5AI score0.00507EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2022/10/17 12:0 a.m.16 views

CVE-2022-41139

MITRE CALDERA 4.1.0 allows stored XSS via app.contact.gist aka the gist contact configuration field, leading to execution of arbitrary commands on agents...

5.7AI score0.00507EPSS
Exploits1References1
CVE
CVE
added 2022/10/17 12:0 a.m.53 views

CVE-2022-40605

CVE-2022-40605 (MITRE CALDERA) affects MITRE CALDERA before 4.1.0, with an XSS exposure in the Operations tab and/or Debrief plugin triggered by a crafted operation name. The description indicates a separate vulnerability from CVE-2022-40606. The connected sources reiterate the same issue and not...

6.1CVSS5.8AI score0.00417EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2022/04/19 12:0 a.m.58 views

WordPress plugin Caldera Forms cross-site scripting vulnerability

WordPress is a blogging platform developed using the PHP language. cross-site scripting vulnerability exists in versions prior to WordPress plugin Caldera Forms 1.9.7. The vulnerability stems from the plugin's failure to validate and escape cf-api parameters before outputting them back to the...

4.3CVSS2AI score0.01195EPSS
Exploits2Affected Software1
NVD
NVD
added 2022/04/18 6:15 p.m.15 views

CVE-2022-0879

The Caldera Forms WordPress plugin before 1.9.7 does not validate and escape the cf-api parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting...

6.1CVSS0.01195EPSS
Exploits2References1
OSV
OSV
added 2022/04/18 6:15 p.m.5 views

CVE-2022-0879

The Caldera Forms WordPress plugin before 1.9.7 does not validate and escape the cf-api parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting...

6.1CVSS6.4AI score0.01195EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2022/04/18 6:15 p.m.7 views

CVE-2022-0879

The Caldera Forms WordPress plugin before 1.9.7 does not validate and escape the cf-api parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting...

6.1CVSS6.3AI score0.01195EPSS
Exploits2References2
Prion
Prion
added 2022/04/18 6:15 p.m.17 views

Cross site scripting

The Caldera Forms WordPress plugin before 1.9.7 does not validate and escape the cf-api parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting...

4.3CVSS6.1AI score0.01195EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2022/04/18 5:10 p.m.24 views

CVE-2022-0879 Caldera Forms < 1.9.7 - Reflected Cross-Site Scripting

The Caldera Forms WordPress plugin before 1.9.7 does not validate and escape the cf-api parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting...

6.3AI score0.01195EPSS
Exploits2References1
CVE
CVE
added 2022/04/18 5:10 p.m.112 views

CVE-2022-0879

The CVE-2022-0879 entry concerns the Caldera Forms WordPress plugin prior to version 1.9.7. The vulnerability is a Reflected Cross-Site Scripting (XSS) caused by the plugin not validating and escaping the cf-api parameter before echoing it in responses. Affected component: cf-api handling in Cald...

6.1CVSS6AI score0.01195EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2022/04/18 12:0 a.m.23 views

WordPress plugin Caldera Forms跨站脚本漏洞

WordPress is a blogging platform developed using the PHP language. cross-site scripting vulnerability exists in versions prior to WordPress plugin Caldera Forms 1.9.7. The vulnerability stems from the plugin's failure to validate and escape cf-api parameters before outputting them back to the...

6.1CVSS4.8AI score0.01195EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2022/04/18 12:0 a.m.4 views

PT-2022-13496

Name of the Vulnerable Software and Affected Versions Caldera Forms WordPress plugin versions prior to 1.9.7 Description The issue concerns a Reflected Cross-Site Scripting problem. It arises because the cf-api parameter is not properly validated and escaped before being output in the response...

6.1CVSS6AI score0.01195EPSS
Exploits2References5
wpexploit
wpexploit
added 2022/03/28 12:0 a.m.225 views

Caldera Forms < 1.9.7 - Reflected Cross-Site Scripting

The plugin does not validate and escape the cf-api parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting The issue is only exploitable when there are no forms created yet...

6.1CVSS0.6AI score0.01195EPSS
Exploits2
Patchstack
Patchstack
added 2022/03/28 12:0 a.m.33 views

WordPress Caldera Forms plugin <= 1.9.6 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Krzysztof Zając in WordPress Caldera Forms plugin versions = 1.9.6. Solution Update the WordPress Caldera Forms plugin to the latest available version at least 1.9.7...

6.1CVSS2.4AI score0.01195EPSS
Exploits2References3Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/28 12:0 a.m.25 views

Caldera Forms < 1.9.7 - Reflected Cross-Site Scripting

The plugin does not validate and escape the cf-api parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting PoC The issue is only exploitable when there are no forms created yet...

6.1CVSS0.3AI score0.01195EPSS
Exploits2Affected Software1
Check Point Advisories
Check Point Advisories
added 2022/02/17 12:0 a.m.10 views

MITRE Caldera Command Injection (CVE-2021-42561)

A command injection vulnerability exists in MITRE Caldera Human plugin. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

9CVSS5.5AI score0.19572EPSS
Exploits2
CNVD
CNVD
added 2022/01/19 12:0 a.m.39 views

Caldera Arbitrary Code Execution Vulnerability

Caldera is a suite of software from the French company Caldera that provides color management, imaging and processing solutions for printer devices. An arbitrary code execution vulnerability exists in Caldera version 2.8.1. The vulnerability stems from the Human plugin passing an unfiltered name...

9CVSS9.1AI score0.19572EPSS
Exploits2References1
CNVD
CNVD
added 2022/01/16 12:0 a.m.27 views

Caldera Command Injection Vulnerability

A command injection vulnerability exists in Caldera 2.8.1 and earlier, which stems from multiple startup "requirements" that execute commands when starting a server that commands can be changed via the REST API. An authenticated attacker could use this vulnerability to insert arbitrary commands a...

8.8CVSS4.5AI score0.01957EPSS
Exploits3References1
CNVD
CNVD
added 2022/01/16 12:0 a.m.24 views

Caldera Cross-Site Scripting Vulnerability (CNVD-2022-08169)

A cross-site scripting vulnerability exists in version 2.8.1 of Caldera, a suite of software from the French company Caldera that provides color management, imaging and processing solutions for printer devices, which stems from a lack of effective filtering and escaping of user-submitted paramete...

6.1CVSS3.3AI score0.01052EPSS
Exploits2References1
CNVD
CNVD
added 2022/01/16 12:0 a.m.33 views

Caldera Access Control Error Vulnerability (CNVD-2022-08044)

Caldera is a suite of software from Caldera France that provides color management, imaging and processing solutions for printer devices. Caldera suffers from an Access Control Error vulnerability in version 2.8.1 and earlier, which stems from the software's failure to properly segregate user...

8.1CVSS8AI score0.0119EPSS
Exploits2References1
Rows per page
Query Builder