
129 matches found

CVE
added 2023/06/11 1:17 p.m. · 41 views

CVE-2023-22583

CVE-2023-22583 affects the Danfoss AK-EM100 web-forms login functionality. The issue is an SQL injection vulnerability in the login forms, enabling potential unauthorized data access or manipulation. The core details across connected documents confirm the affected software (Danfoss AK-EM100 web i...

CVSS 10 · AI score 10 · EPSS 0.00755
Exploits 0 · References 4 · Affected Software 1
OSV
added 2022/11/03 8:15 p.m. · 3 views

CVE-2022-44628

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in JumpDEMAND Inc. 4ECPS Web Forms plugin <= 0.2.17 on WordPress...

CVSS 4.8 · AI score 5.8 · EPSS 0.00412
Exploits 0 · References 2
NVD
added 2022/11/03 8:15 p.m. · 12 views

CVE-2022-44628

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in JumpDEMAND Inc. 4ECPS Web Forms plugin <= 0.2.17 on WordPress...

CVSS 5.9 · EPSS 0.00412
Exploits 0 · References 2
Cvelist
added 2022/11/03 7:32 p.m. · 18 views

CVE-2022-44628 WordPress 4ECPS Web Forms plugin <= 0.2.17 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in JumpDEMAND Inc. 4ECPS Web Forms plugin <= 0.2.17 on WordPress...

CVSS 5.9 · AI score 5.1 · EPSS 0.00412
Exploits 0 · References 2
CVE
added 2022/11/03 7:32 p.m. · 59 views

CVE-2022-44628

CVE-2022-44628 affects the WordPress 4ECPS Web Forms plugin (versions

CVSS 5.9 · AI score 4.8 · EPSS 0.00412
Exploits 0 · References 2 · Affected Software 1
WPVulnDB
added 2022/11/03 12:00 a.m. · 17 views

4ECPS Web Forms <= 0.2.17 - Admin+ Stored XSS

Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

CVSS 4.8 · AI score 4.7 · EPSS 0.00412
Exploits 0
Positive Technologies
added 2022/11/03 12:00 a.m. · 19 views

PT-2022-27270 · WordPress · 4Ecps Web Forms

Name of the Vulnerable Software and Affected Versions: 4ECPS Web Forms plugin versions 0.2.17 and earlier. Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. It affects the 4ECPS Web Forms plugin on WordPress...

CVSS 4.8 · AI score 4.8 · EPSS 0.00412
Exploits 0 · References 5
CNNVD
added 2022/11/03 12:00 a.m. · 3 views

WordPress Plugin Web Forms Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

CVSS 5.9 · AI score 4.9 · EPSS 0.00412
Exploits 0 · References 3
Patchstack
added 2022/11/02 12:00 a.m. · 15 views

WordPress 4ECPS Web Forms plugin <= 0.2.17 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Hoang Van Hiep aka sk4rl1ghT (Patchstack Alliance) in WordPress 4ECPS Web Forms plugin versions <= 0.2.17. Solution: Update the WordPress 4ECPS Web Forms plugin to the latest available version (at least 0.2.18)...

CVSS 4.8 · AI score 1.7 · EPSS 0.00412
Exploits 0 · Affected Software 1
NVD
added 2022/10/18 2:15 p.m. · 16 views

CVE-2022-41479

The DevExpress Resource Handler (ASPxHttpHandlerModule) in DevExpress ASP.NET Web Forms Build v19.2.3 does not verify the referenced objects in the /DXR.axd?r= HTTP GET parameter. This leads to an Insecure Direct Object References (IDOR) vulnerability which allows attackers to access the application...

CVSS 7.5 · EPSS 0.01101
Exploits 1 · References 3
Positive Technologies
added 2022/10/18 12:00 a.m. · 5 views

PT-2022-25884 · Devexpress · Devexpress Asp.Net

Name of the Vulnerable Software and Affected Versions: DevExpress ASP.NET Web Forms Build version 19.2.3. Description: The DevExpress Resource Handler (ASPxHttpHandlerModule) does not verify the referenced objects in the "/DXR.axd?r=" HTTP GET parameter. This leads to an Insecure Direct Object...

CVSS 7.5 · AI score 7.2 · EPSS 0.01101
Exploits 1 · References 6
CVE
added 2022/10/18 12:00 a.m. · 92 views

CVE-2022-41479

CVE-2022-41479 affects DevExpress ASP.NET Web Forms Build v19.2.3. The DevExpress Resource Handler (ASPxHttpHandlerModule) does not verify objects referenced by the /DXR.axd?r= HTTP GET parameter, causing an Insecure Direct Object References (IDOR) that can expose the application source code (ven...

CVSS 7.5 · AI score 7.6 · EPSS 0.01101
Exploits 1 · References 3 · Affected Software 1
CNNVD
added 2022/10/18 12:00 a.m. · 4 views

DevExpress ASP.NET Web Forms Security Vulnerability

DevExpress ASP.NET Web Forms is a Web Forms control from DevExpress, USA. A security vulnerability exists in DevExpress ASP.NET Web Forms Build v19.2.3. An attacker can exploit the vulnerability to gain access to the application's source code...

CVSS 7.5 · AI score 7.4 · EPSS 0.01101
Exploits 1 · References 4
Vulnrichment
added 2022/10/18 12:00 a.m. · 10 views

CVE-2022-41479

The DevExpress Resource Handler (ASPxHttpHandlerModule) in DevExpress ASP.NET Web Forms Build v19.2.3 does not verify the referenced objects in the /DXR.axd?r= HTTP GET parameter. This leads to an Insecure Direct Object References (IDOR) vulnerability which allows attackers to access the application...

AI score 7.6 · EPSS 0.01101
Exploits 1 · References 3
HackRead
added 2022/08/08 3:15 p.m. · 13 views

Do You Know If Your Web Forms Are Secure?

By Owais Sultan. Knowing if your forms are secure is a tricky one. Do you know if your front door is… This is a post from HackRead.com. Read the original post: Do You Know If Your Web Forms Are Secure?...

AI score 0.9
Exploits 0
wpexploit
added 2021/09/20 12:00 a.m. · 528 views

GamePress <= 1.1.0 - Reflected Cross-Site Scripting

The plugin does not escape the opedit POST parameter before outputting it back in multiple Game Option pages, leading to Reflected Cross-Site Scripting issues. Affected pages: op=engines, op=perspectives, op=modes, op=genres, op=themes, op=platforms alert'xss'" document.test.submit;...

CVSS 6.1 · AI score 0.1 · EPSS 0.00745
Exploits 1
NVD
added 2021/06/21 7:15 p.m. · 12 views

CVE-2021-32697

neos/forms is an open source framework to build web forms. By crafting a special GET request containing a valid form state, a form can be submitted without invoking any validators. Form state is secured with an HMAC that is still verified. That means that this issue can only be exploited if Form...

CVSS 6.5 · EPSS 0.01124
Exploits 0 · References 5
OSV
added 2021/06/21 7:15 p.m. · 11 views

CVE-2021-32697

neos/forms is an open source framework to build web forms. By crafting a special GET request containing a valid form state, a form can be submitted without invoking any validators. Form state is secured with an HMAC that is still verified. That means that this issue can only be exploited if Form...

CVSS 5.3 · AI score 5.5
Exploits 0 · References 5
Prion
added 2021/06/21 7:15 p.m. · 11 views

Design/Logic Flaw

neos/forms is an open source framework to build web forms. By crafting a special GET request containing a valid form state, a form can be submitted without invoking any validators. Form state is secured with an HMAC that is still verified. That means that this issue can only be exploited if Form...

CVSS 5 · AI score 5.4 · EPSS 0.01124
Exploits 0 · References 5 · Affected Software 1
CVE
added 2021/06/21 6:15 p.m. · 99 views

CVE-2021-32697

The CVE-2021-32697 issue affects the Neos Form framework (neos/forms) where a crafted GET request with a valid form state can submit a form without triggering validators. The form state is protected by an HMAC that is still verified, so exploitation requires that Form Finishers may run actions ev...

CVSS 6.5 · AI score 5.5 · EPSS 0.01124
Exploits 0 · References 5 · Affected Software 1