188 matches found
EUVD-2026-31359
Concrete CMS 9.5.0 and below is vulnerable to IDOR in surveys. To be vulnerable, a site would have to be configured in such a way that both public and private surveys are present on the site. An unauthenticated attacker can vote in the restricted survey by submitting the restricted optionID throu...
Authorization Bypass Through User-Controlled Key
Overview concrete5/concrete5 is a concrete5 open source CMS. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the surveys process. An attacker can gain unauthorized access to restricted survey functionality by submitting a restricted option ...
CVE-2026-8337 Concrete CMS 9.5.0 and below is vulnerable to IDOR in surveys when sites are running concurrent public surveys and private surveys
Concrete CMS 9.5.0 and below is vulnerable to IDOR in surveys. To be vulnerable, a site would have to be configured in such a way that both public and private surveys are present on the site. An unauthenticated attacker can vote in the restricted survey by submitting the restricted optionID throu...
CVE-2026-8337
Concrete CMS 9.5.0 and below is vulnerable to IDOR in surveys. To be vulnerable, a site would have to be configured in such a way that both public and private surveys are present on the site. An unauthenticated attacker can vote in the restricted survey by submitting the restricted optionID throu...
CVE-2026-8337
Concrete CMS
CVE-2026-8337 Concrete CMS 9.5.0 and below is vulnerable to IDOR in surveys when sites are running concurrent public surveys and private surveys
Concrete CMS 9.5.0 and below is vulnerable to IDOR in surveys. To be vulnerable, a site would have to be configured in such a way that both public and private surveys are present on the site. An unauthenticated attacker can vote in the restricted survey by submitting the restricted optionID throu...
PT-2026-42565
Name of the Vulnerable Software and Affected Versions Concrete CMS versions 9.5.0 and earlier Description An Insecure Direct Object Reference IDOR exists in the surveys feature. This occurs when a site is configured with both public and private surveys. An unauthenticated attacker can vote in a...
Astra Linux - уязвимость в linux-5.10, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: Wifi: rt2x00 – Memory leak fixed when handling survey data When removing a rt2x00 device, the associated channel surveys are not freed, resulting in a memory leak that can be observed using kmemleak. The affected object is:...
CVE-2026-3024
Stored Cross-Site Scripting XSS vulnerability in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/configuracion/agenda/modelo-formulario-evento'. A user with permission to create personalized accounts could exploit this vulnerability simply by creating a malicious survey...
EUVD-2026-12397
Stored Cross-Site Scripting XSS vulnerability in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/configuracion/agenda/modelo-formulario-evento'. A user with permission to create personalized accounts could exploit this vulnerability simply by creating a malicious survey...
CVE-2026-3024 Stored Cross-Site Scripting (XSS) vulnerability in the Wakyma application web
Stored Cross-Site Scripting XSS vulnerability in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/configuracion/agenda/modelo-formulario-evento'. A user with permission to create personalized accounts could exploit this vulnerability simply by creating a malicious survey...
PT-2026-25673
Stored Cross-Site Scripting XSS vulnerability in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/configuracion/agenda/modelo-formulario-evento'. A user with permission to create personalized accounts could exploit this vulnerability simply by creating a malicious survey...
Wakyma 跨站脚本漏洞
Wakyma is a pet management application developed by the Spanish company Wakyma. Wakyma has a cross-site scripting vulnerability. This vulnerability stems from a stored-cross-site scripting flaw in the endpoint vets.wakyma.com/configuracion/agenda/modelo-formulario-evento. It could allow users wit...
CVE-2026-1901
The QuestionPro Surveys plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'questionpro' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2026-1901 QuestionPro Surveys <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The QuestionPro Surveys plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'questionpro' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2026-1901
This CVE entry corresponds to a concrete vulnerability in the WordPress QuestionPro Surveys plugin (versions
CVE-2026-1901 QuestionPro Surveys <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The QuestionPro Surveys plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'questionpro' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
WordPress plugin QuestionPro Surveys 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress QuestionPro Surveys plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin QuestionPro Surveys versions = 1.0...
CVE-2025-13205
CVE-2025-13205 affects the SurveyJS: Drag & Drop Form Builder for WordPress, versions up to and including 1.12.20. The root cause is missing or incorrect nonce validation on the SurveyJS_CloneSurvey AJAX action, enabling CSRF. Impact: unauthenticated attackers could duplicate surveys by tricking ...