67 matches found
SQL Injection
Overview: Affected versions of this package are vulnerable to SQL Injection via the FormManager::create function. An attacker can access and exfiltrate sensitive database contents, including user credentials, by injecting arbitrary SQL statements through crafted input to the bnidnature parameter...
PT-2026-42810
Name of the Vulnerable Software and Affected Versions: YesWiki versions prior to 4.6.4 Description: An unauthenticated SQL injection exists in the Bazar form-import functionality. An unauthenticated visitor can inject arbitrary SQL into an INSERT statement via the FormManager::create function. This...
Astra Linux - vulnerability in firefox
The login credentials saved by Firefox should be managed by the Password Manager component, which uses encryption to store files on disk. However, the username (not the password) was saved by the Form Manager to an unencrypted file on disk. This vulnerability affects Firefox versions earlier than 1...
CVE-2024-34356
TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1, the form manager backend module is vulnerable to cross-site scripting. Exploiting this vulnerability requires a valid backend user...
EUVD-2017-11069
Malware in sbrugna...
EUVD-2017-11068
Malware in sbrugna...
EUVD-2022-45987
Malicious code in bioql PyPI...
EUVD-2024-27250
Malicious code in bioql PyPI...
SUSE CVE-2022-42931
Logins saved by Firefox should be managed by the Password Manager component, which uses encryption to save files on disk. Instead, the username (not the password) was saved by the Form Manager to an unencrypted file on disk. This vulnerability affects Firefox 106...
CVE-2024-36572
Prototype pollution in allpro form-manager 0.7.4 allows attackers to run arbitrary code and cause other impacts via the functions setDefaults, mergeBranch, and Object.setObjectValue...
CVE-2017-20053
A vulnerability was found in XYZScripts Contact Form Manager Plugin. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the...
CVE-2024-51740 SSRF through arbitrary PHP class instantiation in the user portal in Combodo iTop
Combodo iTop is a simple, web based IT Service Management tool. This vulnerability can be used to create HTTP requests on behalf of the server, from a low privileged user. The user portal form manager has been fixed to only instantiate classes derived from it. This issue has been addressed in...
WordPress FluentForm plugin <= 5.1.19 - Authenticated (Form Manager+) Stored Cross-Site Scripting vulnerability
Authenticated (Form Manager+) Stored Cross-Site Scripting vulnerability discovered by Ivan Kuzymchak in WordPress Plugin FluentForm versions <= 5.1.19...
CVE-2024-9528 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Form Manager+) Stored Cross-Site Scripting
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form label fields in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it...
PT-2024-27072 · Unknown · Allpro Form-Manager
Name of the Vulnerable Software and Affected Versions: allpro form-manager version 0.7.4 Description: The issue allows attackers to run arbitrary code and cause other impacts. This is achieved via the functions setDefaults, mergeBranch, and Object.setObjectValue. Recommendations: For allpro...
CVE-2024-36572
CVE-2024-36572 concerns prototype pollution in allpro form-manager 0.7.4. The issue arises through the functions setDefaults, mergeBranch, and Object.setObjectValue, enabling attackers to manipulate Object.prototype and potentially achieve arbitrary code execution or other impacts as described...