239 matches found
CVE-2025-46173
code-projects Online Exam Mastering System 1.0 is vulnerable to Cross Site Scripting XSS via the name field in the feedback form...
CVE-2025-46173
code-projects Online Exam Mastering System 1.0 is vulnerable to Cross Site Scripting XSS via the name field in the feedback form...
CVE-2025-46173
CVE-2025-46173 is a stored XSS vulnerability in code-projects Online Exam Mastering System 1.0. The issue occurs in the feedback form’s name field and is triggered when an administrator views the feedback in the admin dashboard (dash.php), allowing injected scripts to execute in the admin’s brows...
CVE-2025-46173
code-projects Online Exam Mastering System 1.0 is vulnerable to Cross Site Scripting XSS via the name field in the feedback form...
CVE-2024-8605
A vulnerability classified as problematic was found in code-projects Inventory Management 1.0. This vulnerability affects unknown code of the file /view/registration.php of the component Registration Form. The manipulation with the input leads to cross site scripting. The attack can be initiated...
CVE-2024-11886
The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vCitaMeetingScheduler ' shortcode in all versions up to, and including, 2.7.1 due to insufficient input sanitization and output escaping on user supplied attributes...
CVE-2023-27510
JB Inquiry form contains an exposure of private personal information to an unauthorized actor vulnerability, which may allow a remote unauthenticated attacker to obtain information entered from forms created using the affected product. The affected products and versions are as follows: JB Inquiry...
CVE-2021-24406
The wpForo Forum WordPress plugin before 1.9.7 did not validate the redirectto parameter in the login form of the forum, leading to an open redirect issue after a successful login. Such issue could allow an attacker to induce a user to use a login URL redirecting to a website under their control...
CVE-2020-35710
Parallels Remote Application Server RAS 18 allows remote attackers to discover an intranet IP address because submission of the login form even with blank credentials provides this address to the attacker's client for use as a "host" value. In other words, after an attacker's web browser sent a...
CVE-2019-19987
An issue was discovered in Selesta Visual Access Manager VAM 4.15.0 through 4.29. It allows Cross-Site Request Forgery CSRF on any HTML form. An attacker can exploit the vulnerability to abuse functionalities such as change password, add user, add privilege, and so on...
CVE-2018-20218
An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. The login form passes user input directly to a shell command without any kind of escaping or validation in /usr/share/www/check.lp file. An attacker is able to perform command injection using the "password" parameter...
CVE-2024-10075
The CVE-2024-10075 entry concerns the WordPress Jetpack plugin (pre-13.8). The vulnerability arises from insufficient access control on posts created by the Contact Form, allowing unauthenticated users to access those posts and potentially execute arbitrary shortcodes. The underlying impact is th...
PT-2025-21236 · Pichome · Pichome
Name of the Vulnerable Software and Affected Versions: Pichome system versions prior to 2.1.0 Description: A Cross-Site Scripting XSS issue was found due to insufficient sanitization of user input in the login form. This allows an attacker to inject malicious JavaScript code into the username or...
CVE-2025-47468
Cross-Site Request Forgery CSRF vulnerability in hashthemes Hash Form hash-form allows Cross Site Request Forgery.This issue affects Hash Form: from n/a through = 1.2.8...
CVE-2025-47468 WordPress Hash Form plugin <= 1.2.8 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery CSRF vulnerability in hashthemes Hash Form hash-form allows Cross Site Request Forgery.This issue affects Hash Form: from n/a through = 1.2.8...
WordPress plugin Hash Form 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...
TOTOLINK N150RT 安全漏洞
The TOTOLINK N150RT is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK N150RT suffers from a buffer overflow vulnerability that originates from the failure of the parameter submit-url in the file /boafrm/formWlwds to correctly validate the length and size of the input data,...
CVE-2024-13452
The Contact Form by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.29. This is due to missing or incorrect nonce validation on a saveAsCopy function. This makes it possible for unauthenticated attackers to update settings and...
CVE-2025-30900
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Zoho Subscriptions Zoho Billing – Embed Payment Form allows Stored XSS. This issue affects Zoho Billing – Embed Payment Form: from n/a through 4.0...
CVE-2025-30522
CVE-2025-30522 is a CSRF-induced Stored XSS in Contact Form 7 Material Design (Damian Orzol) affecting plugin versions from n/a through 1.0.0. Public details indicate a high-severity impact (CVSSv3.1 base score 7.1) with user interaction required. The connected Wordfence entry lists the patch sta...