17 matches found
CVE-2019-20152
An XSS issue was discovered in TreasuryXpress 19191105. Due to the lack of filtering and sanitization of user input, malicious JavaScript can be executed throughout the application. A malicious payload can be injected within the Custom Workflow component and inserted via the Create New Workflow...
EUVD-2019-10707
Malware in sbrugna...
EUVD-2020-0545
Malware in sbrugna...
CVE-2025-47280
Umbraco Forms is a form builder that integrates with the Umbraco content management system. Starting in the 7.x branch and prior to versions 13.4.2 and 15.1.2, the 'Send email' workflow does not HTML encode the user-provided field values in the sent email message, making any form with this workfl...
Umbraco.Forms has HTML injection vulnerability in 'Send email' workflow
Impact The 'Send email' workflow does not HTML encode the user-provided field values in the sent email message, making any form with this workflow configured vulnerable, as it allows sending the message from a trusted system and address potentially bypassing spam and email client security systems...
GHSA-2QRJ-G9HQ-CHPH Umbraco.Forms has HTML injection vulnerability in 'Send email' workflow
Impact The 'Send email' workflow does not HTML encode the user-provided field values in the sent email message, making any form with this workflow configured vulnerable, as it allows sending the message from a trusted system and address potentially bypassing spam and email client security systems...
CVE-2025-47280 Umbraco.Forms has HTML injection vulnerability in 'Send email' workflow
Umbraco Forms is a form builder that integrates with the Umbraco content management system. Starting in the 7.x branch and prior to versions 13.4.2 and 15.1.2, the 'Send email' workflow does not HTML encode the user-provided field values in the sent email message, making any form with this workfl...
CVE-2025-47280 Umbraco.Forms has HTML injection vulnerability in 'Send email' workflow
Umbraco Forms is a form builder that integrates with the Umbraco content management system. Starting in the 7.x branch and prior to versions 13.4.2 and 15.1.2, the 'Send email' workflow does not HTML encode the user-provided field values in the sent email message, making any form with this workfl...
CVE-2019-20152
An XSS issue was discovered in TreasuryXpress 19191105. Due to the lack of filtering and sanitization of user input, malicious JavaScript can be executed throughout the application. A malicious payload can be injected within the Custom Workflow component and inserted via the Create New Workflow...
Cross site scripting
An XSS issue was discovered in TreasuryXpress 19191105. Due to the lack of filtering and sanitization of user input, malicious JavaScript can be executed throughout the application. A malicious payload can be injected within the Custom Workflow component and inserted via the Create New Workflow...
CVE-2019-20152
An XSS issue was discovered in TreasuryXpress 19191105. Due to the lack of filtering and sanitization of user input, malicious JavaScript can be executed throughout the application. A malicious payload can be injected within the Custom Workflow component and inserted via the Create New Workflow...
GHSA-8M73-W2R2-6XXJ Insecure defaults in UmbracoForms
This affects all versions of package UmbracoForms. When using the default configuration for upload forms, it is possible to upload arbitrary file types. The package offers a way for users to mitigate the issue. The users of this package can create a custom workflow and frontend validation that...
Insecure defaults in UmbracoForms
This affects all versions of package UmbracoForms. When using the default configuration for upload forms, it is possible to upload arbitrary file types. The package offers a way for users to mitigate the issue. The users of this package can create a custom workflow and frontend validation that...
CVE-2020-7685
This affects all versions of package UmbracoForms. When using the default configuration for upload forms, it is possible to upload arbitrary file types. The package offers a way for users to mitigate the issue. The users of this package can create a custom workflow and frontend validation that...
Default configuration
This affects all versions of package UmbracoForms. When using the default configuration for upload forms, it is possible to upload arbitrary file types. The package offers a way for users to mitigate the issue. The users of this package can create a custom workflow and frontend validation that...
CVE-2020-7685 Insecure Defaults
This affects all versions of package UmbracoForms. When using the default configuration for upload forms, it is possible to upload arbitrary file types. The package offers a way for users to mitigate the issue. The users of this package can create a custom workflow and frontend validation that...
PT-2020-19708 · Umbraco · Umbraco Forms
Name of the Vulnerable Software and Affected Versions: UmbracoForms versions all versions Description: The issue allows uploading arbitrary file types when using the default configuration for upload forms. Users can mitigate this by creating a custom workflow and frontend validation to block...