Lucene search
+L

193 matches found

NVD
NVD
added 2024/10/09 4:15 a.m.23 views

CVE-2024-25285

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage...

Exploits1
Vulnrichment
Vulnrichment
added 2024/10/09 12:0 a.m.9 views

CVE-2024-25285

...

6.3AI score
Exploits1
CVE
CVE
added 2024/10/09 12:0 a.m.58 views

CVE-2024-25285

CVE-2024-25285 is associated with Redsys 3DSecure 2.0. The vulnerability allows form action hijacking on the threeDSMethod.jsp endpoint, via manipulation of the threeDSMethodNotificationURL or threeDSMethodData parameters, enabling redirection of form submissions to a malicious destination and po...

6.9AI score
Exploits1
Cvelist
Cvelist
added 2024/10/09 12:0 a.m.25 views

CVE-2024-25285

...

Exploits1
Packet Storm
Packet Storm
added 2024/09/12 12:0 a.m.370 views

3DSecure 2.0 3DS Method Authentication Cross Site Scripting

Product: 3DSecure 2.0 Manufacturer: Redsys Affected Versions: 3DSecure 2.0 3DS Method Authentication Tested Versions: 3DSecure 2.0 3DS Method Authentication Vulnerability Type: Cross-Site Scripting XSS Risk Level: Medium Solution Status: Not yet fixed Manufacturer Notification: 2024-01-17 Solutio...

7.4AI score
Exploits1
Packet Storm
Packet Storm
added 2024/09/12 12:0 a.m.389 views

3DSecure 2.0 3DS Method Authentication Cross Site Scripting

Product: 3DSecure 2.0 Manufacturer: Redsys Affected Versions: 3DSecure 2.0 3DS Method Authentication Tested Versions: 3DSecure 2.0 3DS Method Authentication Vulnerability Type: Cross-Site Scripting XSS Risk Level: Medium Solution Status: Not yet fixed Manufacturer Notification: 2024-01-17 Solutio...

7.4AI score
Exploits1
SUSE CVE
SUSE CVE
added 2024/06/04 12:57 p.m.2 views

SUSE CVE-2021-32797

JupyterLab is a user interface for Project Jupyter which will eventually replace the classic Jupyter Notebook. In affected versions untrusted notebook can execute code on load. In particular JupyterLab doesn't sanitize the action attribute of html . Using this it is possible to trigger the form...

9.6CVSS9.4AI score0.02638EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/05/23 12:0 a.m.3 views

PT-2024-40071 · Packagist · Silverstripe/Framework

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: A cross-site scripting issue has been found in the FormAction field, where a user can specify a title. Recommendations: At the moment, there is no information about a newer version that...

6.1CVSS6.4AI score
Exploits0References5
VulnCheck KEV
VulnCheck KEV
added 2024/05/02 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-2417

The User Registration - Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the formsaveaction function in all versions up to, and including, 3.1.5. This makes it possible for...

8.8CVSS6AI score0.00938EPSS
Exploits0References1
OSV
OSV
added 2024/02/26 4:27 p.m.7 views

CVE-2023-32344

IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to form action hijacking where it is possible to modify the form action to reference an arbitrary path. IBM X-Force ID: 255898...

4.3CVSS5.9AI score0.0038EPSS
Exploits0References4
NVD
NVD
added 2024/02/26 4:27 p.m.33 views

CVE-2023-32344

IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to form action hijacking where it is possible to modify the form action to reference an arbitrary path. IBM X-Force ID: 255898...

4.3CVSS5.6AI score0.0038EPSS
Exploits0References4
Prion
Prion
added 2024/02/26 4:27 p.m.29 views

Design/Logic Flaw

IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to form action hijacking where it is possible to modify the form action to reference an arbitrary path. IBM X-Force ID: 255898...

4.3CVSS6.6AI score0.0038EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/02/24 3:29 p.m.17 views

CVE-2023-32344 IBM Cognos Analytics cross-site request forgery

IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to form action hijacking where it is possible to modify the form action to reference an arbitrary path. IBM X-Force ID: 255898...

4.3CVSS6.5AI score0.0038EPSS
Exploits0References4
CVE
CVE
added 2024/02/24 3:29 p.m.118 views

CVE-2023-32344

CVE-2023-32344 affects IBM Cognos Analytics versions 11.1.7, 11.2.4 FP? and 12.0.0, with a form action hijacking flaw that lets an attacker modify the form action to reference an arbitrary path. Root cause and impact are described across multiple sources (IBM Cognos Analytics documentation and ad...

4.3CVSS4.5AI score0.0038EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2024/02/24 3:29 p.m.30 views

CVE-2023-32344 IBM Cognos Analytics cross-site request forgery

IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to form action hijacking where it is possible to modify the form action to reference an arbitrary path. IBM X-Force ID: 255898...

4.3CVSS4.7AI score0.0038EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/02/24 12:0 a.m.10 views

PT-2024-12322 · Ibm · Ibm Cognos Analytics

Name of the Vulnerable Software and Affected Versions: IBM Cognos Analytics versions 11.1.7 through 12.0.0 Description: The issue allows form action hijacking, where it is possible to modify the form action to reference an arbitrary path. Recommendations: For versions 11.1.7, 11.2.4, and 12.0.0,...

4.3CVSS6.6AI score0.0038EPSS
Exploits0References7
Openbugbounty
Openbugbounty
added 2024/02/22 8:38 p.m.10 views

api-form-action.group-age.jp Cross Site Scripting vulnerability OBB-3856506

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Positive Technologies
Positive Technologies
added 2024/02/20 12:0 a.m.8 views

PT-2024-15632 · WordPress · The Royal Elementor Addons/Templates

Name of the Vulnerable Software and Affected Versions: The Royal Elementor Addons and Templates plugin for WordPress versions up to, and including, 1.3.87 Description: The issue is related to a missing capability check on the wpr update form action meta function, allowing unauthorized post metada...

5.3CVSS9.2AI score0.00225EPSS
Exploits0References5
Packet Storm
Packet Storm
added 2023/07/04 12:0 a.m.162 views

Allhandsmarketing LMS 2.0 Cross Site Request Forgery

==================================================================================================================================== | Title : Allhandsmarketing LMS v2.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 69.032-bit | |...

7.1AI score
Exploits0
wpexploit
wpexploit
added 2023/05/24 12:0 a.m.161 views

Conditional Menus < 1.2.1 - Reflected XSS

The plugin does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open a page with the HTML code below '...

6.1CVSS8.6AI score0.00493EPSS
Exploits2
Rows per page
Query Builder