134 matches found
CVE-2023-50836 WordPress HTML Forms Plugin <= 1.3.28 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ibericode HTML Forms allows Stored XSS.This issue affects HTML Forms: from n/a through 1.3.28...
WordPress Plugin HTML Forms Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress HTML Forms Plugin <= 1.3.29 is vulnerable to Cross Site Scripting (XSS)
Software HTML Forms Type Plugin Vulnerable versions = 1.3.29 Fixed in 1.3.30 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-50836 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 00ea95b31058 Credits Huynh Tien Si Required privilege...
CVE-2022-3689
The HTML Forms WordPress plugin before 1.3.25 does not properly properly escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users...
CVE-2022-3689
The HTML Forms WordPress plugin before 1.3.25 does not properly properly escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users...
Sql injection
The HTML Forms WordPress plugin before 1.3.25 does not properly properly escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users...
CVE-2022-3689 HTML Forms < 1.3.25 - Admin+ SQLi
The HTML Forms WordPress plugin before 1.3.25 does not properly properly escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users...
PT-2022-23685
Name of the Vulnerable Software and Affected Versions HTML Forms WordPress plugin versions prior to 1.3.25 Description The issue is related to a SQL injection that occurs because a parameter is not properly escaped before being used in a SQL statement. This can be exploited by high privilege user...
WordPress plugin HTML Forms SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...
HTML Forms < 1.3.25 - Admin+ SQLi
The plugin does not properly properly escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users PoC Access the submission page on https://example.com/wp-admin/admin.php?page=html-forms=editid=formID=submissions Capture the request after...
HTML Forms < 1.3.25 - Admin+ SQLi
The plugin does not properly properly escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users Access the submission page on https://example.com/wp-admin/admin.php?page=html-forms&view=edit&formid=formID&tab=submissions Capture the...
WordPress HTML Forms plugin <= 1.3.24 - Auth. SQL Injection (SQLi) vulnerability
Auth. SQL Injection SQLi vulnerability discovered by Nguyen Duy Quoc Khanh in the WordPress HTML Forms plugin versions = 1.3.24. Solution Update the WordPress HTML Forms plugin to the latest available version at least 1.3.25...
GHSA-FCG8-MG9G-6HC4 .NET Denial of Service Vulnerability
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 5.0 and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in .NET 6.0, .NET 5....
.NET Denial of Service Vulnerability
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 5.0 and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in .NET 6.0, .NET 5....
Denial Of Service (DoS)
.NET and Visual Studio is vulnerable to Denial of Service. The vulnerability exists due to a flaw was found in dotnet allowing an attacker to crash the system by parsing HTML forms...
dotnet: parsing HTML causes Denial of Service
A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the ASP.NET FormFeature.cs causing a denial of service when HTML forms are parsed...
dotnet: parsing HTML causes Denial of Service
A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the ASP.NET FormFeature.cs causing a denial of service when HTML forms are parsed...
dotnet: parsing HTML causes Denial of Service
A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the ASP.NET FormFeature.cs causing a denial of service when HTML forms are parsed...
dotnet: parsing HTML causes Denial of Service
A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the ASP.NET FormFeature.cs causing a denial of service when HTML forms are parsed...
dotnet: parsing HTML causes Denial of Service
A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the ASP.NET FormFeature.cs causing a denial of service when HTML forms are parsed...