193 matches found
CVE-2024-25285
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage...
CVE-2024-25285
...
CVE-2024-25285
CVE-2024-25285 is associated with Redsys 3DSecure 2.0. The vulnerability allows form action hijacking on the threeDSMethod.jsp endpoint, via manipulation of the threeDSMethodNotificationURL or threeDSMethodData parameters, enabling redirection of form submissions to a malicious destination and po...
CVE-2024-25285
...
3DSecure 2.0 3DS Method Authentication Cross Site Scripting
Product: 3DSecure 2.0 Manufacturer: Redsys Affected Versions: 3DSecure 2.0 3DS Method Authentication Tested Versions: 3DSecure 2.0 3DS Method Authentication Vulnerability Type: Cross-Site Scripting XSS Risk Level: Medium Solution Status: Not yet fixed Manufacturer Notification: 2024-01-17 Solutio...
3DSecure 2.0 3DS Method Authentication Cross Site Scripting
Product: 3DSecure 2.0 Manufacturer: Redsys Affected Versions: 3DSecure 2.0 3DS Method Authentication Tested Versions: 3DSecure 2.0 3DS Method Authentication Vulnerability Type: Cross-Site Scripting XSS Risk Level: Medium Solution Status: Not yet fixed Manufacturer Notification: 2024-01-17 Solutio...
SUSE CVE-2021-32797
JupyterLab is a user interface for Project Jupyter which will eventually replace the classic Jupyter Notebook. In affected versions untrusted notebook can execute code on load. In particular JupyterLab doesn't sanitize the action attribute of html . Using this it is possible to trigger the form...
PT-2024-40071 · Packagist · Silverstripe/Framework
Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: A cross-site scripting issue has been found in the FormAction field, where a user can specify a title. Recommendations: At the moment, there is no information about a newer version that...
VulnCheck KEV: CVE-2024-2417
The User Registration - Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the formsaveaction function in all versions up to, and including, 3.1.5. This makes it possible for...
CVE-2023-32344
IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to form action hijacking where it is possible to modify the form action to reference an arbitrary path. IBM X-Force ID: 255898...
CVE-2023-32344
IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to form action hijacking where it is possible to modify the form action to reference an arbitrary path. IBM X-Force ID: 255898...
Design/Logic Flaw
IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to form action hijacking where it is possible to modify the form action to reference an arbitrary path. IBM X-Force ID: 255898...
CVE-2023-32344 IBM Cognos Analytics cross-site request forgery
IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to form action hijacking where it is possible to modify the form action to reference an arbitrary path. IBM X-Force ID: 255898...
CVE-2023-32344
CVE-2023-32344 affects IBM Cognos Analytics versions 11.1.7, 11.2.4 FP? and 12.0.0, with a form action hijacking flaw that lets an attacker modify the form action to reference an arbitrary path. Root cause and impact are described across multiple sources (IBM Cognos Analytics documentation and ad...
CVE-2023-32344 IBM Cognos Analytics cross-site request forgery
IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to form action hijacking where it is possible to modify the form action to reference an arbitrary path. IBM X-Force ID: 255898...
PT-2024-12322 · Ibm · Ibm Cognos Analytics
Name of the Vulnerable Software and Affected Versions: IBM Cognos Analytics versions 11.1.7 through 12.0.0 Description: The issue allows form action hijacking, where it is possible to modify the form action to reference an arbitrary path. Recommendations: For versions 11.1.7, 11.2.4, and 12.0.0,...
api-form-action.group-age.jp Cross Site Scripting vulnerability OBB-3856506
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
PT-2024-15632 · WordPress · The Royal Elementor Addons/Templates
Name of the Vulnerable Software and Affected Versions: The Royal Elementor Addons and Templates plugin for WordPress versions up to, and including, 1.3.87 Description: The issue is related to a missing capability check on the wpr update form action meta function, allowing unauthorized post metada...
Allhandsmarketing LMS 2.0 Cross Site Request Forgery
==================================================================================================================================== | Title : Allhandsmarketing LMS v2.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 69.032-bit | |...
Conditional Menus < 1.2.1 - Reflected XSS
The plugin does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open a page with the HTML code below '...