28 matches found
WordPress Contact Form 7 Skins <=2.5.0 - Cross-Site Scripting
WordPress Contact Form 7 Skins plugin 2.5.0 and prior contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the tab parameter before outputting it back in an admin page. id: CVE-2021-25063 info: name: WordPress Contact Form 7 Skins <=2.5.0 - Cross-Site Scripting...
CVE-2026-42728 WordPress HT Contact Form 7 plugin <= 2.8.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HT Plugins HT Contact Form 7 ht-contactform allows Stored XSS. This issue affects HT Contact Form 7: from n/a through <= 2.8.2...
EUVD-2008-0210
Malware in sbrugna...
EUVD-2008-0209
Malware in sbrugna...
PT-2023-23367 · Unknown · Prestashop
Name of the Vulnerable Software and Affected Versions: PrestaShop version 1.7.7.4 Description: A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the message parameter in "/contactform/contactform.php". Recommendations: F...
CVE-2020-15178
In PrestaShop contactform module prestashop/contactform before version 4.3.0, an attacker is able to inject JavaScript while using the contact form. The message field was incorrectly unescaped, possibly allowing attackers to execute arbitrary JavaScript in a victim's browser...
Input validation
In PrestaShop contactform module prestashop/contactform before version 4.3.0, an attacker is able to inject JavaScript while using the contact form. The message field was incorrectly unescaped, possibly allowing attackers to execute arbitrary JavaScript in a victim's browser...
CVE-2020-15178
CVE-2020-15178 affects the PrestaShop contactform module (prestashop/contactform) prior to version 4.3.0. The vulnerability arises from incorrect unescaping of the message field in the contact form, enabling an attacker to inject and execute arbitrary JavaScript in a victim’s browser (XSS). Multi...
ludwigdach.ch XSS vulnerability
Vulnerable URL: http://www.ludwigdach.ch/a/main/contactform.php?css=1%22%3E%3Cimg%20src=x%20onerror=alert/OPENBUGBOUNTY/%3E
Details:
Description | Value
---|---
Patched: | No
Latest check for patch: | 08.01.2018
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | 17106471...
miteq.com XSS vulnerability
Open Bug Bounty ID: OBB-236147
Description | Value
---|---
Affected Website: | miteq.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...
Directory traversal
Multiple directory traversal vulnerabilities in pluck 4.6.2, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langpref parameter to (1) data/modules/contactform/moduleinfo.php, (2) data/modules/blog/moduleinfo.php, and (3)...
CVE-2009-1765
Multiple directory traversal vulnerabilities in pluck 4.6.2, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langpref parameter to (1) data/modules/contactform/moduleinfo.php, (2) data/modules/blog/moduleinfo.php, and (3)...
Pluck 4.6.2 Local File Inclusion
local file include
script: pluck version 4.6.2
Author: ahmadbady
my site: Coming Soon
download from: http://www.pluck-cms.org/?file=kop2.p...
Pluck CMS 4.6.2 - langpref Local File Inclusion
Pluck CMS 4.6.2 - langpref Local File Inclusion
local file include
script: pluck version 4.6.2
Author: ahmadbady
my site: Coming Soon...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. WP-ContactForm for WordPress: Spamming, Envolution: cross-site scripting, information leak...
Abuse of Functionality vulnerability in WP-ContactForm for WordPress
Hello 3APA3A! I am reporting an Abuse of Functionality vulnerability that I found in the WP-ContactForm plugin for WordPress. Abuse of Functionality: The contact page has a “Copy yourself on the form submission” feature. It is enabled in the Copy Option settings and has the effect that through the site...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in wp-contact-form/options-contactform.php in the WP-ContactForm 1.5 alpha and earlier plugin for WordPress allow remote attackers to perform actions as administrators via the (1) wpcf_question, (2) wpcf_success_msg, or (3) wpcf_error_msg parameter to...
CVE-2008-0197
CVE-2008-0197 corresponds to multiple XSS vulnerabilities in WP-ContactForm 1.5 alpha and earlier for WordPress. The flaws allow remote attackers to inject arbitrary script/HTML via parameters (wpcf_email, wpcf_subject, wpcf_question, wpcf_answer, wpcf_success_msg, wpcf_error_msg, wpcf_msg) to wp...
CVE-2008-0198
Multiple cross-site request forgery (CSRF) vulnerabilities in wp-contact-form/options-contactform.php in the WP-ContactForm 1.5 alpha and earlier plugin for WordPress allow remote attackers to perform actions as administrators via the (1) wpcf_question, (2) wpcf_success_msg, or (3) wpcf_error_msg parameter to...