33 matches found
CVE-2023-49768 WordPress WP-FormAssembly plugin <= 2.0.10 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FormAssembly / Drew Buschhorn WP-FormAssembly allows Stored XSS. This issue affects WP-FormAssembly: from n/a through 2.0.10...
WordPress WP-FormAssembly plugin <= 2.0.10 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Khalid (Patchstack Alliance) in WordPress Plugin WP-FormAssembly versions <= 2.0.10...
WordPress WP-FormAssembly Plugin <= 2.0.10 is vulnerable to Cross Site Scripting (XSS)
Software: WP-FormAssembly; Type: Plugin; Vulnerable versions: <= 2.0.10; Fixed in: 2.0.11; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-49768; Patch priority: Low; CVSS severity: Low (6.5); PSID: 2e39ae49a241; Credits: Khalid Yusuf; Required privilege...
WordPress WP-FormAssembly Plugin <= 2.0.7 is vulnerable to Cross Site Scripting (XSS)
Software: WP-FormAssembly; Type: Plugin; Vulnerable versions: <= 2.0.7; Fixed in: 2.0.8; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: N/A; Patch priority: Medium; CVSS severity: Medium (6.5); PSID: 02e3cddecd0a; Credits: WordFence; Required privilege...
WordPress WP-FormAssembly plugin <= 2.0.5 - Auth. Arbitrary File Read vulnerability
Auth. Arbitrary File Read vulnerability discovered by Nguyen Anh Tien (Patchstack Alliance) in the WordPress WP-FormAssembly plugin versions <= 2.0.5. Solution: No patched version available...
FormAssembly: scripts loader DOS vulnerability
1. Vulnerability description: WordPress allows users to load multiple JS files and CSS files through load-scripts.php files at once. For example, https://wpwebsite.com/wp-admin/load-scripts.php?c=1&load%5B%5D=jquery-ui-core,editor&ver=4.9.1, file load-scripts.php will load jquery-ui-core and editor...
FormAssembly: xmlrpc.php file is enable it will used for (DOS) and bruteforce attack
WordPress that have xmlrpc.php enabled for pingbacks, trackbacks, etc. can be made as a part of a huge botnet causing a major DDOS. The website https://www.formassembly.com/ has the xmlrpc.php file enabled and could thus be potentially used for such an attack against other victim hosts. In order ...
FormAssembly: SSLv3 Poodle Vulnerability
Hey there, I tested against POODLE MITM and enterprisedemo.formassembly.com is vulnerable, I simply went into terminal and used this command "openssl s_client -connect enterprisedemo.formassembly.com:443 -ssl3" POC How to fix: Disable SSLv3...
help.formassembly.com XSS vulnerability
Vulnerable URL: https://help.formassembly.com/help/select?uri=/help/340484-field-hints-contextual-help&s=55705c4a610fde1e60a552f5e9965d7f-244'-alert'OPENBUGBOUNTY'-' Details: Description| Value ---|--- Patched:| No Latest check for patch:| 17.09.2017 Vulnerability type:| XSS Vulnerability status:...
FormAssembly: XSS in api_v1
Researcher reported XSS that was demonstrated via outputting an alert. Issue has been resolved...
FormAssembly: XSS on username when register to proffesional account
An XSS vulnerability was found in the username field of one of our sign-up pages https://www.formassembly.com/partners/salesforce/sign-up.php?plan=PROFESSIONAL. The researcher was able to prompt an alert by posting this code in the field: " This issue was corrected and we thank the researcher,...
Python Web Application XSS Scanner: XssPy
Python Web Application XSS Scanner XssPy is a Python tool for finding Cross Site Scripting vulnerabilities in websites. This tool is the first of its kind. Instead of just checking one page as most of the tools do, this tool traverses the website and finds all the links and subdomains first. After...
formassembly.com XSS vulnerability
Vulnerable URL: https://www.formassembly.com/blog/wp-includes/js/mediaelement/flashmediaelement.swf?jsinitfunctio%gn=alertOPENBUGBOUNTY Details: Description| Value ---|--- Patched:| Yes, at 20.06.2017 Latest check for patch:| 20.06.2017 16:44 GMT Vulnerability type:| XSS Vulnerability status:|...