Lucene search
K

138 matches found

CNNVD
CNNVD
added 2023/05/28 12:0 a.m.8 views

WordPress plugin Contact Form Entries – Contact Form 7, WPforms and more 1.3.0及 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. WordPress plugin Contact Form Entries - Contact For...

6.5CVSS6.5AI score0.00397EPSS
Exploits0References2
Patchstack
Patchstack
added 2023/05/22 12:0 a.m.15 views

WordPress Contact Form Entries Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)

Software Contact Form Entries Type Plugin Vulnerable versions = 1.3.0 Fixed in 1.3.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-33311 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID eead2c1f0998 Credits Rafie Muhammad...

6.5CVSS5.7AI score0.00397EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/05/22 12:0 a.m.20 views

WordPress Contact Form Entries Plugin <= 1.3.0 is vulnerable to SQL Injection

Software Contact Form Entries Type Plugin Vulnerable versions = 1.3.0 Fixed in 1.3.1 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-31212 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID e8d727f37fdc Credits Rafie Muhammad Patchstack Required privilege...

9.8CVSS7.2AI score0.0075EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2022/11/15 12:0 p.m.18 views

GHSA-MXVQ-CV4X-P3JW Incorrect Default Permissions in Liferay Portal

The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 19, 7.3 before update 4, and 7.4 GA does not properly check permission of form entries, which allows remote authenticated users to view and access all form entries...

4.3CVSS4.3AI score0.00592EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/11/15 12:0 p.m.25 views

Authorization Bypass in Liferay Portal

An Insecure direct object reference IDOR vulnerability in the Dynamic Data Mapping module in Liferay Portal 7.3.2 through 7.4.3.4, and Liferay DXP 7.3 before update 4, and 7.4 GA allows remote authenticated users to view and access form entries via the formInstanceRecordId parameter...

4.3CVSS4.8AI score0.00592EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/11/15 2:15 a.m.4 views

CVE-2022-42129

An Insecure direct object reference IDOR vulnerability in the Dynamic Data Mapping module in Liferay Portal 7.3.2 through 7.4.3.4, and Liferay DXP 7.3 before update 4, and 7.4 GA allows remote authenticated users to view and access form entries via the formInstanceRecordId parameter...

4.3CVSS5.8AI score0.00592EPSS
Exploits0References3
OSV
OSV
added 2022/11/15 2:15 a.m.5 views

CVE-2022-42130

The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 19, 7.3 before update 4, and 7.4 GA does not properly check permission of form entries, which allows remote authenticated users to view and access all form entries...

4.3CVSS5.8AI score0.00592EPSS
Exploits0References3
NVD
NVD
added 2022/11/15 2:15 a.m.23 views

CVE-2022-42129

An Insecure direct object reference IDOR vulnerability in the Dynamic Data Mapping module in Liferay Portal 7.3.2 through 7.4.3.4, and Liferay DXP 7.3 before update 4, and 7.4 GA allows remote authenticated users to view and access form entries via the formInstanceRecordId parameter...

4.3CVSS0.00592EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/11/15 12:0 a.m.25 views

CVE-2022-42130

The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 19, 7.3 before update 4, and 7.4 GA does not properly check permission of form entries, which allows remote authenticated users to view and access all form entries...

4.7AI score0.00592EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/11/15 12:0 a.m.7 views

CVE-2022-42130

The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 19, 7.3 before update 4, and 7.4 GA does not properly check permission of form entries, which allows remote authenticated users to view and access all form entries...

4.4AI score0.00592EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/11/15 12:0 a.m.30 views

CVE-2022-42129

An Insecure direct object reference IDOR vulnerability in the Dynamic Data Mapping module in Liferay Portal 7.3.2 through 7.4.3.4, and Liferay DXP 7.3 before update 4, and 7.4 GA allows remote authenticated users to view and access form entries via the formInstanceRecordId parameter...

4.7AI score0.00592EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/11/15 12:0 a.m.5 views

PT-2022-26277 · Liferay · Liferay Dxp +1

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.1.0 through 7.4.3.4 Liferay DXP versions 7.1 before fix pack 27 Liferay DXP versions 7.2 before fix pack 19 Liferay DXP versions 7.3 before update 4 Liferay DXP version 7.4 GA Description: The Dynamic Data Mapping...

4.3CVSS4.3AI score0.00592EPSS
Exploits0References8
CVE
CVE
added 2022/11/15 12:0 a.m.82 views

CVE-2022-42129

CVE-2022-42129 describes an insecure direct object reference (IDOR) in the Dynamic Data Mapping module of Liferay Portal 7.3.2–7.4.3.4 and Liferay DXP 7.3 before update 4, 7.4 GA . The vulnerability allows remote authenticated users to view/access form entries via the formInstanceRecordId paramet...

4.3CVSS4.3AI score0.00592EPSS
Exploits0References2Affected Software2
Positive Technologies
Positive Technologies
added 2022/11/15 12:0 a.m.5 views

PT-2022-26275 · Liferay · Liferay Dxp +1

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.3.2 through 7.4.3.4 Liferay DXP versions 7.3 before update 4, and 7.4 GA Description: An Insecure direct object reference IDOR vulnerability in the Dynamic Data Mapping module allows remote authenticated users to vie...

4.3CVSS4.4AI score0.00592EPSS
Exploits0References8
CVE
CVE
added 2022/11/15 12:0 a.m.81 views

CVE-2022-42130

The Dynamic Data Mapping module in Liferay Portal 7.1.0–7.4.3.4 and Liferay DXP 7.1–7.4 exposed an information-disclosure vulnerability where form entries could be viewed/accessed without proper permission checks. Root cause: inadequate permission validation for form entries in the DDM, enabling ...

4.3CVSS4.3AI score0.00592EPSS
Exploits0References2Affected Software2
CNNVD
CNNVD
added 2022/11/14 12:0 a.m.5 views

Liferay Portal和Liferay DXP 安全漏洞

Liferay Portal and Liferay DXP are both products of Liferay Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...

4.3CVSS5.2AI score0.00592EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/11/14 12:0 a.m.4 views

Liferay Portal和Liferay DXP 安全漏洞

Liferay Portal and Liferay DXP are both products of Liferay Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...

4.3CVSS5.2AI score0.00592EPSS
Exploits0References5
Cvelist
Cvelist
added 2022/11/07 12:0 a.m.24 views

CVE-2022-3463 FluentForm < 4.3.13 - CSV Injection

The Contact Form Plugin WordPress plugin before 4.3.13 does not validate and escape fields when exporting form entries as CSV, leading to a CSV injection...

9.8AI score0.01231EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2022/10/21 12:0 a.m.22 views

Contact Form Entries < 1.3.0 - CSV Injection

The plugin does not validate data when its output in a CSV file, which could lead to CSV injection. PoC - Submit a form using Contact Form 7, Ninja Forms, Elementor Forms or WP Forms using =5+5 as the value - Export the data as CSV /wp-admin/admin.php?page=vxcfleads - Open the CSV with a...

0.9AI score0.00428EPSS
Exploits2Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 7:9 p.m.14 views

Liferay Portal and Liferay DXP Fails to Properly Check User Permissions

The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.2, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 6, does not properly check user permissions, which allows remote attackers with the forms "Access in Site Administration" permission to vi...

4.3CVSS6.6AI score0.00861EPSS
Exploits0References4Affected Software2
Rows per page
Query Builder