129 matches found

Patchstack
added 2024/07/22 6:38 a.m. · 3 views

WordPress HTML Forms plugin < 1.3.33 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Majdeddine Ben Hadj Brahim in WordPress Plugin HTML Forms versions 1.3.33...

CVSS 5.9 · AI score 6 · EPSS 0.00161
Exploits 1 · References 1 · Affected Software 1

OSV
added 2024/07/22 6:15 a.m. · 2 views

CVE-2024-6243

The HTML Forms WordPress plugin before 1.3.33 does not sanitize and escape the form message inputs, allowing high-privilege users, such as administrators, to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disabled...

CVSS 4.8 · AI score 5.8
Exploits 0 · References 1

NVD
added 2024/07/22 6:15 a.m. · 13 views

CVE-2024-6243

The HTML Forms WordPress plugin before 1.3.33 does not sanitize and escape the form message inputs, allowing high-privilege users, such as administrators, to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disabled...

CVSS 5.9 · EPSS 0.00161
Exploits 1 · References 1

Vulnrichment
added 2024/07/22 6:0 a.m. · 12 views

CVE-2024-6243 HTML Forms < 1.3.33 - Admin+ Stored XSS

The HTML Forms WordPress plugin before 1.3.33 does not sanitize and escape the form message inputs, allowing high-privilege users, such as administrators, to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disabled...

AI score 5.5 · EPSS 0.00161
Exploits 1 · References 1

CVE
added 2024/07/22 6:0 a.m. · 44 views

CVE-2024-6243

CVE-2024-6243 affects the WordPress plugin HTML Forms prior to version 1.3.33. The vulnerability is a Stored XSS in form message inputs due to lack of sanitization/escaping, enabling high-privilege users (e.g., administrators) to inject scripts. Public writeups in multiple sources (NVD/NIST entry...

CVSS 5.9 · AI score 5.2 · EPSS 0.00161
Exploits 1 · References 1 · Affected Software 1

Cvelist
added 2024/07/22 6:0 a.m. · 12 views

CVE-2024-6243 HTML Forms < 1.3.33 - Admin+ Stored XSS

The HTML Forms WordPress plugin before 1.3.33 does not sanitize and escape the form message inputs, allowing high-privilege users, such as administrators, to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disabled...

EPSS 0.00161
Exploits 1 · References 1

Positive Technologies
added 2024/07/22 12:0 a.m. · 3 views

PT-2024-37475 · WordPress · Html Forms

Name of the Vulnerable Software and Affected Versions: HTML Forms WordPress plugin versions prior to 1.3.33. Description: The issue allows high-privilege users, such as administrators, to perform Stored Cross-Site Scripting (XSS) attacks. This is possible because the plugin does not properly sanitiz...

CVSS 5.9 · AI score 5.7 · EPSS 0.00161
Exploits 1 · References 6

Veracode
added 2024/04/18 10:29 a.m. · 18 views

Cross-site Scripting (XSS)

Keycloak is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to allowing arbitrary URLs, including JavaScript URIs (javascript:), as SAML Assertion Consumer Service POST Binding URL (ACS). Allowing JavaScript URIs in combination with HTML forms results in Cross-site Scripting in the...

CVSS 6 · AI score 5.9 · EPSS 0.00102
Exploits 0 · References 10 · Affected Software 1

Github Security Blog
added 2024/04/17 5:33 p.m. · 45 views

Keycloak Cross-site Scripting (XSS) via assertion consumer service URL in SAML POST-binding flow

Keycloak allows arbitrary URLs as SAML Assertion Consumer Service POST Binding URL (ACS), including JavaScript URIs (javascript:). Allowing JavaScript URIs in combination with HTML forms leads to JavaScript evaluation in the context of the embedding origin on form submission. Acknowledgements: Specia...

CVSS 6 · AI score 7 · EPSS 0.00102
Exploits 0 · References 10 · Affected Software 1

Cvelist
added 2024/02/09 12:11 a.m. · 17 views

CVE-2024-24819 icingaweb2-module-incubator base implementation for HTML forms is susceptible to CSRF

icingaweb2-module-incubator is a working project of bleeding edge Icinga Web 2 libraries. In affected versions the class gipfl\Web\Form is the base for various concrete form implementations [1] and provides protection against cross site request forgery (CSRF) by default. This is done by automatically...

CVSS 5.3 · AI score 9.1 · EPSS 0.00035
Exploits 0 · References 3

OSV
added 2023/12/28 11:15 a.m. · 14 views

CVE-2023-50836

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ibericode HTML Forms allows Stored XSS. This issue affects HTML Forms: from n/a through 1.3.28...

CVSS 4.8 · AI score 6.5 · EPSS 0.00058
Exploits 0 · References 1

NVD
added 2023/12/28 11:15 a.m. · 15 views

CVE-2023-50836

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ibericode HTML Forms allows Stored XSS. This issue affects HTML Forms: from n/a through 1.3.28...

CVSS 5.9 · EPSS 0.00058
Exploits 0 · References 1

Prion
added 2023/12/28 11:15 a.m. · 16 views

Cross site scripting

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ibericode HTML Forms allows Stored XSS. This issue affects HTML Forms: from n/a through 1.3.28...

CVSS 4.3 · AI score 6.8 · EPSS 0.00058
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2023/12/28 10:19 a.m. · 15 views

CVE-2023-50836 WordPress HTML Forms Plugin <= 1.3.28 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ibericode HTML Forms allows Stored XSS. This issue affects HTML Forms: from n/a through 1.3.28...

CVSS 5.9 · AI score 5.9 · EPSS 0.00058
Exploits 0 · References 1

Vulnrichment
added 2023/12/28 10:19 a.m. · 9 views

CVE-2023-50836 WordPress HTML Forms Plugin <= 1.3.28 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ibericode HTML Forms allows Stored XSS. This issue affects HTML Forms: from n/a through 1.3.28...

CVSS 5.9 · AI score 6.5 · EPSS 0.00058
Exploits 0 · References 1

CVE
added 2023/12/28 10:19 a.m. · 70 views

CVE-2023-50836

CVE-2023-50836 affects WordPress HTML Forms Plugin versions up to 1.3.28 (and ≤1.3.29 per PatchStack) with a Stored Cross-Site Scripting (XSS) vulnerability due to improper neutralization of input during web page generation. The issue is tied to the ibericode HTML Forms integration in the plugin,...

CVSS 5.9 · AI score 6.5 · EPSS 0.00058
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2023/12/28 12:0 a.m. · 0 views

WordPress Plugin HTML Forms Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVSS 5.9 · AI score 5.9 · EPSS 0.00058
Exploits 0 · References 2

Patchstack
added 2023/12/21 12:0 a.m. · 10 views

WordPress HTML Forms Plugin <= 1.3.29 is vulnerable to Cross Site Scripting (XSS)

Software: HTML Forms; Type: Plugin; Vulnerable versions: <= 1.3.29; Fixed in: 1.3.30; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-50836; Patch priority: Low; CVSS severity: Low (5.9); Developer: Claim ownership; PSID: 00ea95b31058; Credits: Huynh Tien Si; Required privilege...

CVSS 5.9 · AI score 6.5 · EPSS 0.00058
Exploits 0 · References 2 · Affected Software 1

NVD
added 2022/11/28 2:15 p.m. · 14 views

CVE-2022-3689

The HTML Forms WordPress plugin before 1.3.25 does not properly escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users...

CVSS 7.2 · EPSS 0.40298
Exploits 2 · References 1

OSV
added 2022/11/28 2:15 p.m. · 11 views

CVE-2022-3689

The HTML Forms WordPress plugin before 1.3.25 does not properly escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users...

CVSS 7.2 · AI score 7.2 · EPSS 0.40298
Exploits 2 · References 1