Lucene search
+L

239 matches found

NVD
NVD
added 2025/05/27 8:15 p.m.16 views

CVE-2025-46173

code-projects Online Exam Mastering System 1.0 is vulnerable to Cross Site Scripting XSS via the name field in the feedback form...

6.1CVSS0.00266EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/05/27 12:0 a.m.18 views

CVE-2025-46173

code-projects Online Exam Mastering System 1.0 is vulnerable to Cross Site Scripting XSS via the name field in the feedback form...

0.00266EPSS
Exploits1References2
CVE
CVE
added 2025/05/27 12:0 a.m.56 views

CVE-2025-46173

CVE-2025-46173 is a stored XSS vulnerability in code-projects Online Exam Mastering System 1.0. The issue occurs in the feedback form’s name field and is triggered when an administrator views the feedback in the admin dashboard (dash.php), allowing injected scripts to execute in the admin’s brows...

6.1CVSS5.7AI score0.00266EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/05/27 12:0 a.m.6 views

CVE-2025-46173

code-projects Online Exam Mastering System 1.0 is vulnerable to Cross Site Scripting XSS via the name field in the feedback form...

6AI score0.00266EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/23 8:26 a.m.4 views

CVE-2024-8605

A vulnerability classified as problematic was found in code-projects Inventory Management 1.0. This vulnerability affects unknown code of the file /view/registration.php of the component Registration Form. The manipulation with the input leads to cross site scripting. The attack can be initiated...

6.9CVSS6.4AI score0.00529EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:50 a.m.6 views

CVE-2024-11886

The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vCitaMeetingScheduler ' shortcode in all versions up to, and including, 2.7.1 due to insufficient input sanitization and output escaping on user supplied attributes...

6.4CVSS5.8AI score0.00301EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:26 a.m.7 views

CVE-2023-27510

JB Inquiry form contains an exposure of private personal information to an unauthorized actor vulnerability, which may allow a remote unauthenticated attacker to obtain information entered from forms created using the affected product. The affected products and versions are as follows: JB Inquiry...

7.5CVSS6.8AI score0.00707EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:22 p.m.9 views

CVE-2021-24406

The wpForo Forum WordPress plugin before 1.9.7 did not validate the redirectto parameter in the login form of the forum, leading to an open redirect issue after a successful login. Such issue could allow an attacker to induce a user to use a login URL redirecting to a website under their control...

6.1CVSS6.6AI score0.03379EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:6 p.m.11 views

CVE-2020-35710

Parallels Remote Application Server RAS 18 allows remote attackers to discover an intranet IP address because submission of the login form even with blank credentials provides this address to the attacker's client for use as a "host" value. In other words, after an attacker's web browser sent a...

5.3CVSS7.1AI score0.01661EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 8:29 a.m.10 views

CVE-2019-19987

An issue was discovered in Selesta Visual Access Manager VAM 4.15.0 through 4.29. It allows Cross-Site Request Forgery CSRF on any HTML form. An attacker can exploit the vulnerability to abuse functionalities such as change password, add user, add privilege, and so on...

6.5CVSS6.9AI score0.00546EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:31 a.m.12 views

CVE-2018-20218

An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. The login form passes user input directly to a shell command without any kind of escaping or validation in /usr/share/www/check.lp file. An attacker is able to perform command injection using the "password" parameter...

10CVSS7.5AI score0.10735EPSS
Exploits5References1
CVE
CVE
added 2025/05/15 8:6 p.m.84 views

CVE-2024-10075

The CVE-2024-10075 entry concerns the WordPress Jetpack plugin (pre-13.8). The vulnerability arises from insufficient access control on posts created by the Contact Form, allowing unauthenticated users to access those posts and potentially execute arbitrary shortcodes. The underlying impact is th...

5.6CVSS7AI score0.00334EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/05/14 12:0 a.m.5 views

PT-2025-21236 · Pichome · Pichome

Name of the Vulnerable Software and Affected Versions: Pichome system versions prior to 2.1.0 Description: A Cross-Site Scripting XSS issue was found due to insufficient sanitization of user input in the login form. This allows an attacker to inject malicious JavaScript code into the username or...

6.1CVSS5.2AI score0.00194EPSS
Exploits0References4
NVD
NVD
added 2025/05/07 3:16 p.m.14 views

CVE-2025-47468

Cross-Site Request Forgery CSRF vulnerability in hashthemes Hash Form hash-form allows Cross Site Request Forgery.This issue affects Hash Form: from n/a through = 1.2.8...

4.3CVSS0.0014EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/07 2:19 p.m.32 views

CVE-2025-47468 WordPress Hash Form plugin <= 1.2.8 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in hashthemes Hash Form hash-form allows Cross Site Request Forgery.This issue affects Hash Form: from n/a through = 1.2.8...

4.3CVSS0.0014EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/07 12:0 a.m.8 views

WordPress plugin Hash Form 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

4.3CVSS6AI score0.0014EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/27 12:0 a.m.4 views

TOTOLINK N150RT 安全漏洞

The TOTOLINK N150RT is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK N150RT suffers from a buffer overflow vulnerability that originates from the failure of the parameter submit-url in the file /boafrm/formWlwds to correctly validate the length and size of the input data,...

9CVSS8AI score0.00852EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/04/18 2:20 a.m.10 views

CVE-2024-13452

The Contact Form by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.29. This is due to missing or incorrect nonce validation on a saveAsCopy function. This makes it possible for unauthenticated attackers to update settings and...

6.1CVSS6.7AI score0.0028EPSS
Exploits0References1
NVD
NVD
added 2025/03/27 11:15 a.m.16 views

CVE-2025-30900

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Zoho Subscriptions Zoho Billing – Embed Payment Form allows Stored XSS. This issue affects Zoho Billing – Embed Payment Form: from n/a through 4.0...

6.5CVSS0.00269EPSS
Exploits0References1
CVE
CVE
added 2025/03/24 1:46 p.m.52 views

CVE-2025-30522

CVE-2025-30522 is a CSRF-induced Stored XSS in Contact Form 7 Material Design (Damian Orzol) affecting plugin versions from n/a through 1.0.0. Public details indicate a high-severity impact (CVSSv3.1 base score 7.1) with user interaction required. The connected Wordfence entry lists the patch sta...

7.1CVSS7.2AI score0.00168EPSS
Exploits0References1
Rows per page
Query Builder