CVE-2021-20103

Machform prior to version 16 is vulnerable to stored cross-site scripting due to insufficient sanitization of file attachments uploaded with forms through upload.php...

CVE-2021-20102

Machform prior to version 16 is vulnerable to cross-site request forgery due to a lack of CSRF tokens in place...

CVE-2021-20101

Machform prior to version 16 is vulnerable to HTTP host header injection due to improperly validated host headers. This could cause a victim to receive malformed content...

CVE-2021-20103

Machform prior to version 16 is vulnerable to stored cross-site scripting due to insufficient sanitization of file attachments uploaded with forms through upload.php...

CVE-2021-20105

Machform prior to version 16 is vulnerable to an open redirect in Safariinit.php due to an improperly sanitized 'ref' parameter...

CVE-2021-20104

Machform prior to version 16 is vulnerable to unauthenticated remote code execution due to insufficient sanitization of file attachments uploaded with forms through upload.php...

CVE-2021-20101

Machform prior to version 16 is vulnerable to HTTP host header injection due to improperly validated host headers. This could cause a victim to receive malformed content...

CVE-2021-20102

Machform prior to version 16 is vulnerable to cross-site request forgery due to a lack of CSRF tokens in place...

CVE-2021-20105

Machform prior to version 16 is vulnerable to an open redirect in Safariinit.php due to an improperly sanitized 'ref' parameter...

Remote code execution

Machform prior to version 16 is vulnerable to unauthenticated remote code execution due to insufficient sanitization of file attachments uploaded with forms through upload.php...

Design/Logic Flaw

Machform prior to version 16 is vulnerable to HTTP host header injection due to improperly validated host headers. This could cause a victim to receive malformed content...

Cross site request forgery (csrf)

Machform prior to version 16 is vulnerable to cross-site request forgery due to a lack of CSRF tokens in place...

Cross site scripting

Machform prior to version 16 is vulnerable to stored cross-site scripting due to insufficient sanitization of file attachments uploaded with forms through upload.php...

Open redirect

Machform prior to version 16 is vulnerable to an open redirect in Safariinit.php due to an improperly sanitized 'ref' parameter...

CVE-2021-20105

CVE-2021-20105 affects MachForm prior to version 16. The issue is an open redirect in Safari_init.php caused by an improperly sanitized ref parameter, enabling a redirect to a attacker‑controlled URL. Documents identify MachForm 16 as the fixed version; remediation is to upgrade to MachForm 16 or...

CVE-2021-20105

Machform prior to version 16 is vulnerable to an open redirect in Safariinit.php due to an improperly sanitized 'ref' parameter...

CVE-2021-20104

MachForm prior to version 16 is vulnerable to unauthenticated remote code execution due to insufficient sanitization of file attachments uploaded with forms through upload.php. Affected software: MachForm

CVE-2021-20104

Machform prior to version 16 is vulnerable to unauthenticated remote code execution due to insufficient sanitization of file attachments uploaded with forms through upload.php...

CVE-2021-20103

Machform prior to version 16 is vulnerable to stored cross-site scripting due to insufficient sanitization of file attachments uploaded with forms through upload.php...

CVE-2021-20103

MachForm prior to version 16 is affected by a stored cross-site scripting vulnerability due to insufficient sanitization of file attachments uploaded with forms via upload.php. The root cause is inadequate validation/sanitization of attachments, allowing injected JavaScript to be stored and poten...