CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

MachForm up to version 19 is affected by an unauthenticated stored cross-site scripting which affects users with valid sessions whom can view compiled forms results...

5.4CVSS6.1AI score0.10123EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 8:50 a.m.•5 views

CVE-2024-37764

MachForm up to version 19 is affected by an authenticated stored cross-site scripting...

5.4CVSS6.4AI score0.07136EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 8:50 a.m.•5 views

CVE-2024-37762

MachForm up to version 21 is affected by an authenticated unrestricted file upload which leads to a remote code execution...

9.9CVSS7.4AI score0.28046EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 7:6 p.m.•6 views

CVE-2021-20103

Machform prior to version 16 is vulnerable to stored cross-site scripting due to insufficient sanitization of file attachments uploaded with forms through upload.php...

6.1CVSS6AI score0.0024EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 7:6 p.m.•6 views

CVE-2021-20101

Machform prior to version 16 is vulnerable to HTTP host header injection due to improperly validated host headers. This could cause a victim to receive malformed content...

6.1CVSS7AI score0.0024EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 7:6 p.m.•8 views

CVE-2021-20104

Machform prior to version 16 is vulnerable to unauthenticated remote code execution due to insufficient sanitization of file attachments uploaded with forms through upload.php...

8.1CVSS8AI score0.01291EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 6:16 p.m.•6 views

CVE-2021-20102

Machform prior to version 16 is vulnerable to cross-site request forgery due to a lack of CSRF tokens in place...

8.8CVSS6.8AI score0.00145EPSS

Exploits0References1

CNNVD•added 2024/07/01 12:0 a.m.•2 views

Machform Security Vulnerabilities

Machform is an online questionnaire program. A security vulnerability exists in Machform version 19 and prior versions that originates from an authenticated blind SQL injection in the user account settings page...

8.8CVSS7.7AI score0.11056EPSS

Exploits2References2

OSV•added 2021/06/29 4:15 p.m.•1 views

CVE-2021-20104

Machform prior to version 16 is vulnerable to unauthenticated remote code execution due to insufficient sanitization of file attachments uploaded with forms through upload.php...

8.1CVSS6.3AI score

Exploits0References1

NVD•added 2021/06/29 4:15 p.m.•8 views

CVE-2021-20105

Machform prior to version 16 is vulnerable to an open redirect in Safariinit.php due to an improperly sanitized 'ref' parameter...

6.1CVSS0.00215EPSS

Exploits0References1

Prion•added 2021/06/29 4:15 p.m.•14 views

Remote code execution

Machform prior to version 16 is vulnerable to unauthenticated remote code execution due to insufficient sanitization of file attachments uploaded with forms through upload.php...

6.8CVSS8.4AI score0.01291EPSS

Exploits0References1Affected Software1

Cvelist•added 2021/06/29 3:30 p.m.•12 views

CVE-2021-20101

Machform prior to version 16 is vulnerable to HTTP host header injection due to improperly validated host headers. This could cause a victim to receive malformed content...

6.6AI score0.0024EPSS

Exploits0References1

OSV•added 2018/05/26 10:29 p.m.•1 views

CVE-2018-6411

An issue was discovered in Appnitro MachForm before 4.2.3. When the form is set to filter a blacklist, it automatically adds dangerous extensions to the filters. If the filter is set to a whitelist, the dangerous extensions can be bypassed through apformelements SQL Injection...

9.8CVSS5.8AI score

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by