10 matches found

OSV
added 2025/04/14 12:15 p.m. · 1 views

CVE-2024-10089

Internet Starter, one of the SoftCOM iKSORIS system modules, is vulnerable to Stored XSS (Cross-site Scripting) attacks. An attacker might trick a user into filling a form designed for changing the user's data with a malicious script, which causes the script to run in the user's context. This vulnerability has...

CVSS 5.4 · AI score 5.7 · EPSS 0.00283
Exploits 0 · References 2
Positive Technologies
added 2024/02/05 12:0 a.m. · 2 views

PT-2024-15727 · WordPress · Formidable Forms

Name of the Vulnerable Software and Affected Versions: Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress versions up to, and including, 6.7.2
Description: The issue is due to missing or incorrect nonce validation on the update...

CVSS 6.1 · AI score 5.3 · EPSS 0.00097
Exploits 0 · References 7
OSV
added 2022/08/03 2:15 p.m. · 1 views

CVE-2022-27484

An unverified password change in Fortinet FortiADC version 6.2.0 through 6.2.3, 6.1.x, 6.0.x, 5.x.x allows an authenticated attacker to bypass the Old Password check in the password change form via a crafted HTTP request...

CVSS 4.3 · AI score 5.8 · EPSS 0.00133
Exploits 0 · References 1
Positive Technologies
added 2022/08/03 12:0 a.m. · 1 views

PT-2022-18449 · Fortinet · Fortiadc

Name of the Vulnerable Software and Affected Versions: Fortinet FortiADC versions 5.x.x through 6.2.3
Description: The issue allows an authenticated attacker to bypass the Old Password check in the password change form via a crafted HTTP request. This is achieved by sending a specifically designe...

CVSS 5.4 · AI score 4.3 · EPSS 0.00133
Exploits 0 · References 3
Friends Of PHP
added 2021/06/21 5:0 p.m. · 15 views

Form validation can be skipped in neos/form

Impact: By crafting a special GET request containing a valid form state, a form can be submitted without invoking any validators. We consider the severity low because it is not possible to change any form values since the form state is secured with an HMAC that is still verified. That means that...

CVSS 6.5 · AI score 5.9 · EPSS 0.00396
Exploits 0 · Affected Software 1
NVD
added 2018/06/26 4:29 p.m. · 12 views

CVE-2018-1000528

GONICUS GOsa version before commit 56070d6289d47ba3f5918885954dcceb75606001 contains a Cross Site Scripting (XSS) vulnerability in the change password form html/password.php, 308 that can result in injection of arbitrary web script or HTML. This attack appears to be exploitable via the victim must open ...

CVSS 6.1 · AI score 6.3 · EPSS 0.00485
Exploits 0 · References 4
Cvelist
added 2015/11/09 6:0 p.m. · 19 views

CVE-2015-8004

MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not properly restrict access to revisions, which allows remote authenticated users with the viewsuppressed user right to remove revision suppressions via a crafted revisiondelete action, which returns a valid a change...

AI score 8.8 · EPSS 0.00159
Exploits 0 · References 3
OSV
added 2014/08/26 12:0 a.m. · 1 views

UBUNTU-CVE-2014-0483

The administrative interface contrib.admin in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship between models, which allows remote authenticated users to obtain sensitive information via a tofield...

CVSS 3.5 · AI score 5.8 · EPSS 0.00428
Exploits 1 · References 4
Packet Storm
added 2009/05/08 12:0 a.m. · 23 views

Job Script 2.0 Password Changer

Job Script V2.0 - Job Board Software change pasword admin admin :[email protected] Change password Cod3d By:TiGeR-dZ ;Script:Job Script V2.0 - Job Board Software Download:http://www.jobscript.net/job-board-software/ Mail:[email protected]...

AI score 0.3
Exploits 0
Exploit DB
added 2006/12/23 12:0 a.m. · 33 views

Enthrallweb eClassifieds 1.0 - Remote User Pass Change

Change Profile=Username FIRST: LAST:...

AI score 7.4
Exploits 0