Lucene search
K

524 matches found

NVD
NVD
added 2017/03/09 8:59 p.m.17 views

CVE-2017-6591

There is a cross-site scripting vulnerability in django-epiceditor 0.2.3 via crafted content in a form field...

6.1CVSS6AI score0.00693EPSS
Exploits2References2
Veracode
Veracode
added 2017/01/09 7:51 a.m.19 views

Information Disclosure

Plone is vulnerable to information disclosure. z3c.form, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain the default form field values by leveraging knowledge of the form location and the element id...

4.3CVSS5.8AI score0.01231EPSS
Exploits0References5Affected Software1
n0where
n0where
added 2015/10/22 9:5 p.m.16 views

Deliberately Insecure Web Application: OWASP WebGoat

WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons. You can install and practice with WebGoat in either J2EE or WebGoat for .Net in ASP.NET. In each lesson, users must demonstrate their understanding of a security issue by...

7.5AI score
Exploits0References3
Packet Storm
Packet Storm
added 2015/10/17 12:0 a.m.31 views

WordPress Events Made Easy 1.5.49 CSRF / XSS

Plugin link: https://wordpress.org/plugins/events-made-easy/ Active Installs: 10,000+ Version tested: 1.5.49 CVE Reference: Waiting Original advisory: https://www.davidsopas.com/events-made-easy-wordpress-plugin-csrf-persistent-xss/ Events Made Easy is a full-featured event management solution fo...

7.4AI score
Exploits0
Cvelist
Cvelist
added 2014/09/30 2:0 p.m.20 views

CVE-2012-5491

z3c.form, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain the default form field values by leveraging knowledge of the form location and the element id...

6.4AI score0.01231EPSS
Exploits0References4
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.18 views

Typo3 3.5 b5 HTML Hidden Form Field Information Disclosure Weakness (2)

No description provided by source. source: http://www.securityfocus.com/bid/6993/info Clients of TYPO3 systems may access potentially sensitive data that have been obfuscated through hidden form fields. This may aid in exploiting other known issues in the software. !/usr/bin/perl use strict; use...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.16 views

ShoutBox 1.2 Form Field HTML Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5354/info shoutBOX does not sufficiently sanitize HTML tags from input supplied via form fields. Attackers may exploit this lack of input validation to inject arbitrary HTML and script code into pages that are generated b...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.14 views

MaxWebPortal 1.30 search.asp Search Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/7837/info A number of vulnerabilities have been discovered in the MaxWebPortal. The issues that have been discovered include: MaxWebPortal 'search.asp' has been reported prone to a cross-site scripting vulnerability. An...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.27 views

Typo3 3.5 b5 HTML Hidden Form Field Information Disclosure Weakness (1)

No description provided by source. source: http://www.securityfocus.com/bid/6993/info Clients of TYPO3 systems may access potentially sensitive data that have been obfuscated through hidden form fields. This may aid in exploiting other known issues in the software. !/usr/bin/perl use...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.11 views

CGIScript.NET csMailto Hidden Form Field Remote Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4579/info CGIScript.NET csMailto is a Perl script designed to support multiple mailto: forms. A vulnerability has been reported in some versions of this script. Reportedly, configuration values used by the script are...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.31 views

QuickCommerce 2.5/3.0,Cart32 2.5 a/3.0,Shop Express 1.0,StoreCreator 3.0 Web Shopping Cart Hidden Form Field Vulnerability

No description provided by source. E-Commerce Exchange QuickCommerce 2.5/3.0,McMurtrey/Whitaker & Associates Cart32 2.5 a/3.0,Shop Express 1.0,StoreCreator 3.0 Web Shopping Cart Hidden Form Field Vulnerability source: http://www.securityfocus.com/bid/1237/info Various shopping cart applications u...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.15 views

xNewsletter 1.0 Form Field Input Validation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4516/info xNewsletter is a script that allows web users to subscribe to a newsletter. It is written in PHP and will run on most Unix and Linux variants, as well as Microsoft Windows operating systems. xNewsletter does not...

7.1AI score
Exploits0
Cvelist
Cvelist
added 2014/06/27 2:0 p.m.30 views

CVE-2014-3432

Cross-site scripting XSS vulnerability in the management console in Symantec Data Insight 3.x and 4.x before 4.5 allows remote attackers to inject arbitrary web script or HTML via an unspecified form field...

5.7AI score0.01991EPSS
Exploits0References5
Exploit DB
Exploit DB
added 2013/09/25 12:0 a.m.43 views

ZeroShell 'cgi-bin/kerbynet' - Local File Disclosure

Introduction to the PoC : ====================================================================== In this distribution, the managment website is a binary file named "kerbynet" interpreted in cgi-bin directory here : /cdrom/usr/local/apache2/cgi-bin/kerbynet So all url look like this :...

7.4AI score
Exploits0
Prion
Prion
added 2013/06/28 11:55 p.m.18 views

Cross site scripting

Cross-site scripting XSS vulnerability in KENT-WEB POST-MAIL before 6.7, when Internet Explorer 7 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an unspecified form field...

4.3CVSS6.1AI score0.01148EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2013/06/28 11:55 p.m.15 views

Cross site scripting

Cross-site scripting XSS vulnerability in KENT-WEB CLIP-MAIL before 3.4, when Internet Explorer 7 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an unspecified form field...

4.3CVSS6.1AI score0.01148EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2012/11/21 11:0 a.m.19 views

CVE-2012-5472

lib/formslib.php in Moodle 2.2.x before 2.2.6 and 2.3.x before 2.3.3 allows remote authenticated users to bypass intended access restrictions via a modified value of a frozen form field...

6.1AI score0.01135EPSS
Exploits0References4
NVD
NVD
added 2011/12/16 11:55 a.m.18 views

CVE-2011-4730

The Server Administration Panel in Parallels Plesk Panel 10.2.0build1011110331.18 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms in...

10CVSS7AI score0.02381EPSS
Exploits0References2
Prion
Prion
added 2011/12/16 11:55 a.m.20 views

Authentication flaw

The Control Panel in Parallels Plesk Panel 10.4.4build20111103.18 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms in server/google-tool...

9.3CVSS7.6AI score0.02038EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2011/12/16 11:0 a.m.47 views

CVE-2011-4730

The vulnerability CVE-2011-4730 affects Parallels Plesk Panel 10.2.0_build1011110331.18, specifically its Server Administration Panel. The underlying issue is that the password form field is generated without disabling the browser autocomplete feature, which can allow an attacker to bypass authen...

10CVSS7.3AI score0.02381EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder