Lucene search

13 matches found

RedhatCVE
added 2026/03/26 3:12 p.m. | 0 views

CVE-2026-3492

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.9.28.1. This is due to a compound failure involving missing authorization on the createfromtemplate AJAX endpoint allowing any authenticated user to create forms, insufficie...

CVSS 6.4 | AI score 5.9 | EPSS 0.00043
Exploits: 0 | References: 1

NVD
added 2026/03/11 10:16 a.m. | 0 views

CVE-2026-3492

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.9.28.1. This is due to a compound failure involving missing authorization on the createfromtemplate AJAX endpoint allowing any authenticated user to create forms, insufficie...

CVSS 6.4 | EPSS 0.00043
Exploits: 0 | References: 2

NVD
added 2025/10/08 6:15 a.m. | 2 views

CVE-2025-11437

A flaw has been found in JhumanJ OpnForm up to 1.9.3. This affects an unknown part of the file /api/open/forms/ of the component Form Editor. This manipulation causes cross site scripting. The attack may be initiated remotely. The exploit has been published and may be used. This issue is currentl...

CVSS 4.8 | EPSS 0.00034
Exploits: 1 | References: 4

OSV
added 2025/10/08 6:15 a.m. | 1 views

CVE-2025-11437

A flaw has been found in JhumanJ OpnForm up to 1.9.3. This affects an unknown part of the file /api/open/forms/ of the component Form Editor. This manipulation causes cross site scripting. The attack may be initiated remotely. The exploit has been published and may be used. This issue is currentl...

CVSS 4.8 | AI score 5.5
Exploits: 0 | References: 4

CVE
added 2025/10/08 6:2 a.m. | 4 views

CVE-2025-11437

CVE-2025-11437 affects JhumanJ OpnForm ≤1.9.3, specifically the Form Editor’s /api/open/forms component. The issue enables cross-site scripting via that file, with remote initiation possible. Exploitation has been published and may be used in the wild. The vendor states the vulnerable feature is ...

CVSS 4.8 | AI score 5.2 | EPSS 0.00034
Exploits: 1 | References: 4 | Affected Software: 1

Vulnrichment
added 2025/10/08 6:2 a.m. | 1 views

CVE-2025-11437 JhumanJ OpnForm Form Editor forms cross site scripting

A flaw has been found in JhumanJ OpnForm up to 1.9.3. This affects an unknown part of the file /api/open/forms/ of the component Form Editor. This manipulation causes cross site scripting. The attack may be initiated remotely. The exploit has been published and may be used. This issue is currentl...

CVSS 4.8 | AI score 5.2 | EPSS 0.00034
Exploits: 1 | References: 4

CNNVD
added 2025/10/08 12:0 a.m. | 1 views

OpnForm Code Injection Vulnerability

OpnForm is a form builder by Julien Nahum Personal Developer. A code injection vulnerability exists in OpnForm 1.9.3 and earlier versions, which stems from an incorrect operation of the component Form Editor in file /api/open/forms, and could lead to a cross-site scripting attack...

CVSS 4.8 | AI score 4.2 | EPSS 0.00034
Exploits: 1 | References: 4

Positive Technologies
added 2025/10/08 12:0 a.m. | 2 views

PT-2025-41231

Name of the Vulnerable Software and Affected Versions: JhumanJ OpnForm versions up to 1.9.3. Description: A flaw exists in JhumanJ OpnForm up to version 1.9.3, specifically within the Form Editor component. This issue involves manipulation of the /api/open/forms/ file, leading to cross site scriptin...

CVSS 4.8 | AI score 2.5 | EPSS 0.00034
Exploits: 1 | References: 8

GithubExploit
added 2025/09/17 2:38 a.m. | 216 views

PoC-Stored-XSS-textpattern-4.8.8-Exploit

Textpattern CMS 4.8.8 — Stored XSS Advisory Title: Stored...

AI score 6.2
Exploits: 0

Github Security Blog
added 2024/06/05 3:10 p.m. | 9 views

Privilege Escalation & SQL Injection in TYPO3 CMS

Failing to properly dissociate system related configuration from user generated configuration, the Form Framework system extension "form" is vulnerable to SQL injection and Privilege Escalation. Basically instructions can be persisted to a form definition file that were not configured to be...

AI score 8.1
Exploits: 0 | References: 3 | Affected Software: 1

Veracode
added 2024/06/03 7:14 a.m. | 7 views

SQL Injection

typo3/cms-core is vulnerable to SQL injection. The vulnerability is due to improper dissociation of system-related configuration from user-generated configuration, allowing instructions to be persisted to a form definition file that were not configured to be modified. This allows attackers to...

AI score 8.1
Exploits: 0

CNVD
added 2018/05/29 12:0 a.m. | 1 views

Unspecified Cross-Site Scripting Vulnerability in SAP Customer Relationship Management Mail Form Editor

SAP Customer Relationship Management is a customer relationship management solution from SAP, Germany. It supports all customer-centric business areas, from marketing to sales and service, as well as customer interaction channels such as interaction centers, the Internet and mobile customers. An...

AI score 6.8
Exploits: 0 | References: 1

CNVD
added 2017/11/06 12:0 a.m. | 1 views

SAP Customer Relationship Management Email Form Editor Cross-Site Scripting Vulnerability

SAP Customer Relationship Management is a customer relationship management solution. A cross-site scripting vulnerability exists in the SAP Customer Relationship Management email form editor because it does not properly filter user-supplied input. A remote attacker could exploit this vulnerabilit...

AI score 6.6
Exploits: 0 | References: 1