5 matches found
EUVD-2020-7236
Malware in sbrugna...
CVE-2020-15161
In PrestaShop from version 1.6.0.4 and before version 1.7.6.8 an attacker is able to inject javascript while using the contact form. The problem is fixed in 1.7.6.8...
CVE-2024-10075
The Jetpack WordPress plugin before 13.8 does not ensure that the post created by the Contact Form is only accessible to authorised users, which could allow unauthenticated users to run arbitrary shortcodes and block...
CVE-2025-3872 Privilege escalation by altering payload in contact form
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Centreon centreon-web User configuration form modules allows SQL Injection. A user with high privileges is able to become administrator by intercepting the contact form request and altering its...
CVE-2020-15178
In PrestaShop contactform module prestashop/contactform before version 4.3.0, an attacker is able to inject JavaScript while using the contact form. The message field was incorrectly unescaped, possibly allowing attackers to execute arbitrary JavaScript in a victim's browser...