33 matches found
CVE-2026-1866
The Name Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via double HTML-entity encoding in all versions up to, and including, 1.32.0. This is due to the plugin's sanitization function calling htmlentitydecode before wpkses, and then calling htmlentitydecode again on...
CVE-2026-1866 Name Directory <= 1.32.0 - Unauthenticated Stored Cross-Site Scripting via Double HTML-Entity Encoding in Submission Form
The Name Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via double HTML-entity encoding in all versions up to, and including, 1.32.0. This is due to the plugin's sanitization function calling htmlentitydecode before wpkses, and then calling htmlentitydecode again on...
CVE-2026-1866
The WordPress plugin Name Directory (vulnerable up to 1.32.0) is affected by a Stored XSS due to double HTML-entity encoding in its sanitization flow. The plugin decodes HTML entities before wp_kses and decodes output again, enabling unauthenticated attackers to inject scripts via the public subm...
WordPress Name Directory plugin <= 1.32.0 - Unauthenticated Stored Cross-Site Scripting via Double HTML-Entity Encoding in Submission Form vulnerability
Unauthenticated Stored Cross-Site Scripting via Double HTML-Entity Encoding in Submission Form vulnerability discovered by duy.thai in WordPress Plugin Name Directory versions = 1.32.0...
WordPress Community Events plugin cross-site scripting vulnerability
WordPress Community Events plugin is an event management plugin for the WordPress platform that allows users to create and display event calendars with support for AJAX dynamic loading and event submission form functionality. WordPress Community Events plugin suffers from a cross-site scripting...
Malicious code in evvnt-submission-form-angular (npm)
The package evvnt-submission-form-angular was found to contain malicious code...
MAL-2025-20023 Malicious code in evvnt-submission-form-angular (npm)
The package evvnt-submission-form-angular was found to contain malicious code...
HackerOne: [IDOR] Improper Access Control on Embedded Submission Form
The researcher discovered an improper access control vulnerability that allowed them to access sensitive program information for private/inactive embedded submission forms by leveraging the form's UUID. The researcher used reconnaissance techniques to obtain a list of UUIDs for various private...
BIT-GITLAB-2020-10078
GitLab 12.1 through 12.8.1 allows XSS. The merge request submission form was determined to have a stored cross-site scripting vulnerability...
PT-2024-18576 · Nway Pro · Nway Pro
Name of the Vulnerable Software and Affected Versions: Nway Pro version 9 Description: A vulnerability was found in the function ajax login submit form of the file loginindex.php of the component Argument Handler. The manipulation of the argument rsargs leads to information exposure through error...
testing submission form - IGNORE
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps Assessed...
Updated Researcher Portal Submission Form: Discover the New Fields in the Submission Form
Summary: We are excited to announce the release of the updated Researcher Portal submission form. These new fields allow Security Researchers to provide additional context for the reported security issue, providing product teams with more data for analysis, gain insights and identify trends acros...
CVE-2023-34831
The "Submission Web Form" of Turnitin LTI tool/plugin version 1.3 is affected by HTML Injection attacks. The security issue affects the submission web form "id" and "title" HTTP POST parameters where the students submit their reports for similarity/plagiarism checks...
CVE-2023-34831
The "Submission Web Form" of Turnitin LTI tool/plugin version 1.3 is affected by HTML Injection attacks. The security issue affects the submission web form "id" and "title" HTTP POST parameters where the students submit their reports for similarity/plagiarism checks...
SUSE CVE-2018-19143
Open Ticket Request System OTRS 4.0.x before 4.0.33, 5.0.x before 5.0.31, and 6.0.x before 6.0.13 allows an authenticated user to delete files via a modified submission form because upload caching is mishandled...
WordPress WP Simple Adsense Insertion plugin跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress WP Simple Adsense Insertion plugin prior to version 2.1 is vulnerable to cross-site request...
WordPress plugin WP Simple Adsense Insertion 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress WP Simple Adsense Insertion plugin prior to version 2.1 is vulnerable to cross-site request...
CVE-2020-10078
GitLab 12.1 through 12.8.1 allows XSS. The merge request submission form was determined to have a stored cross-site scripting vulnerability...
CVE-2020-10078
GitLab 12.1 through 12.8.1 allows XSS. The merge request submission form was determined to have a stored cross-site scripting vulnerability...
HackerOne: Submitting report through Embedded Submission form gives user indefinite access to a profile
Summary: Hi team, @jobert , @ben After testing on the sandbox, I noticed that one of my accountswhich I removed from the program can see some of the information. I don't know if it affects other programs that have other States - private-only, private-only whit external link. I could not find the...