86 matches found
VulnCheck KEV: CVE-2022-1386
The Fusion Builder WordPress plugin before 3.6.2, used in the Avada theme, does not validate a parameter in its forms which could be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's response. This could be used to interact with hosts on the...
WordPress Plugin Advanced Custom Fields: Extended Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
CVE-2023-31703
Cross Site Scripting (XSS) in the edit user form in Microworld Technologies eScan management console 14.0.1400.2281 allows a remote attacker to inject arbitrary code via the from parameter...
SUSE CVE-2011-5034
Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461...
The vulnerability in the D-Link DIR-816 A2 router's firmware is that an operation goes beyond the bounds of a buffer in memory, allowing an attacker to execute arbitrary code.
The vulnerability in the D-Link DIR-816 A2 router's firmware relates to the execution of operations outside the bounds of a buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using the /goform/form2IPQoSTcAdd parameter...
CVE-2022-38619
SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:jid90 parameter at /SVFE2/pages/feegroups/mccgroup.jsf...
CVE-2022-38616
SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:jid90 parameter at /feegroups/tgrtgroup.jsf...
SmartVista SVFE2 SQL Injection Vulnerability
SmartVista SVFE2 is a subsystem of SmartVista, Inc. A security vulnerability exists in SmartVista SVFE2 version v2.2.22: the UserForm:jid90 parameter in /feegroups/tgrtgroup.jsf contains a SQL injection vulnerability...
CVE-2022-30924
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the SetAPWifiorLedInfoById parameter at /goform/aspForm...
Rating by BestWebSoft < 1.6 - Rating Denial of Service
The plugin does not validate the submitted rating, allowing submission of a long integer, causing a Denial of Service on the post/page when a user submits such a rating. Under Settings - Discussion, uncheck "Comment must be manually approved". Install and Enable Rating BestWebSoft plugin. Change "Enable...
Cloud Foundry UAA open redirect
Cloud Foundry UAA, versions later than 4.6.0 and prior to 4.19.0 except 4.10.1 and 4.7.5 and uaa-release versions later than v48 and prior to v60 except v55.1 and v52.9, does not validate redirect URL values on a form parameter used for internal UAA redirects on the login page, allowing open...
CVE-2020-20584
A cross site scripting vulnerability in baigo CMS v4.0-beta-1 allows attackers to execute arbitrary web scripts or HTML via the form parameter post to /public/console/profile/info-submit/...
Cross site scripting
A cross site scripting vulnerability in baigo CMS v4.0-beta-1 allows attackers to execute arbitrary web scripts or HTML via the form parameter post to /public/console/profile/info-submit/...
CVE-2021-24125
Unvalidated input in the Contact Form Submissions WordPress plugin before 1.7.1 could lead to SQL injection in the wpcf7contactform GET parameter when submitting a filter request as a high privilege user (admin+)...
Zebra_Form Library <= 2.9.8 - Reflected Cross-Site Scripting (XSS)
The Zebra_Form PHP library v2.9.8 (latest) and below, used by some WordPress plugins, is affected by reflected Cross-Site Scripting issues in its process.php file. There is currently no patch available and the removal of this library is recommended. Via $GET'form': &control=upload" method="post"...
Victor CMS 1.0 - (user_firstname) Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications. Exploit Title: Victor CMS 1.0 - 'user_firstname' Persistent Cross-Site Scripting; Google Dork: N/A; Date: 2020-06-28; Exploit Author: Anushree Priyadarshini; Vendor Homepage: https://github.com/VictorAlagwu/CMSsite; Software...
qdPM 9.1 Cross Site Scripting
Exploit Title: qdPM 9.1 - 'cfg[app_app_name]' Persistent Cross-Site Scripting; Google Dork: N/A; Date: 2020-05-19; Exploit Author: Kishan Lal Choudhary; Vendor Homepage: https://qdpm.net; Software Link: https://sourceforge.net/projects/qdpm/; Version: 9.1; Tested on: Windows 10; Description: The form paramet...
qdPM 9.1 - cfg[app_app_name] Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications. Exploit Title: qdPM 9.1 - 'cfg[app_app_name]' Persistent Cross-Site Scripting; Exploit Author: Kishan Lal Choudhary; Vendor Homepage: https://qdpm.net; Software Link: https://sourceforge.net/projects/qdpm/; Version: 9.1; Tested on: Windows 10...