Missing Authorization

Overview typo3/cms-form is a Form Library, Plugin and Editor Affected versions of this package are vulnerable to Missing Authorization in the processing of form definition files by the Form Framework. An attacker can gain administrative privileges by uploading and using maliciously crafted files...

Zuz Music 跨站脚本漏洞

Zuz Music is an online music streaming platform system developed by Zuz Corporation. Version 2.1 of Zuz Music contains a cross-site scripting vulnerability. This vulnerability stems from the injection of malicious JavaScript through submitting specially crafted form data, potentially allowing...

EUVD-2026-16020

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an authenticated attacker could craft a malicious form that, when submitted by a victim, executes arbitrary JavaScript in the victim's browser session. Version 8.0.0....

Access of Resource Using Incompatible Type ('Type Confusion')

Overview @builder.io/qwik-city is a The meta-framework for Qwik. Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type 'Type Confusion' in the FormData function when handling application/x-www-form-urlencoded or multipart/form-data requests. An attacker ca...

CVE-2020-37144

Exagate SYSGuard 6001 contains a cross-site request forgery vulnerability that allows attackers to create unauthorized admin accounts through a crafted HTML form. Attackers can trick users into submitting a malicious form to /kulyon.php that adds a new user with administrative privileges without...

CVE-2020-37144 Exagate Sysguard 6001 - Cross-Site Request Forgery (Add Admin)

Exagate SYSGuard 6001 contains a cross-site request forgery vulnerability that allows attackers to create unauthorized admin accounts through a crafted HTML form. Attackers can trick users into submitting a malicious form to /kulyon.php that adds a new user with administrative privileges without...

CVE-2021-47800

b2evolution 7.2.2 contains a cross-site request forgery vulnerability that allows attackers to modify admin account details without authentication. Attackers can craft a malicious HTML form to submit unauthorized changes to user profiles by tricking victims into loading a specially crafted webpag...

CVE-2021-47800

b2evolution 7.2.2 contains a cross-site request forgery vulnerability that allows attackers to modify admin account details without authentication. Attackers can craft a malicious HTML form to submit unauthorized changes to user profiles by tricking victims into loading a specially crafted webpag...

CVE-2021-47800

CVE-2021-47800 affects b2evolution 7.2.2 and is a cross-site request forgery (CSRF) that enables attackers to modify admin account details without authentication. The vulnerability arises from forged requests triggering admin-profile changes via a crafted webpage loaded by a victim, enabling mani...

EUVD-2026-2780

Arunna 1.0.0 contains a cross-site request forgery vulnerability that allows attackers to manipulate user profile settings without authentication. Attackers can craft a malicious form to change user details, including passwords, email, and administrative privileges by tricking authenticated users...

EUVD-2012-3366

Malware in sbrugna...

EUVD-2022-4744

Malicious code in bioql PyPI...

PT-2025-34153

Name of the Vulnerable Software and Affected Versions Apache Tika versions 1.13 through 3.2.1 Apache Tika tika-core versions 1.13 through 3.2.1 Apache Tika tika-pdf-module versions 2.0.0 through 3.2.1 Apache Tika tika-parsers versions 1.13 through 1.28.5 Description A critical XML External Entity...

CVE-2011-4457

OWASP HTML Sanitizer aka owasp-java-html-sanitizer before 88, when JavaScript is disabled, allows user-assisted remote attackers to obtain potentially sensitive information via a crafted FORM element within a NOSCRIPT element...

PT-2024-32871 · Unknown +3 · Openrefine +3

Name of the Vulnerable Software and Affected Versions: OpenRefine versions prior to 3.8.3 Description: The issue allows an attacker to lead a user to a malicious page that submits a form POST containing embedded JavaScript code. This code would then be included in the response, along with an...

CVE-2024-25692

There is a cross-site-request forgery vulnerability in Esri Portal for ArcGIS Versions 11.1 and below that may in some cases allow a remote, unauthenticated attacker to trick an authorized user into executing unwanted actions via a crafted form. The impact to Confidentiality and Integrity vectors...

CVE-2024-25692

There is a cross-site-request forgery vulnerability in Esri Portal for ArcGIS Versions 11.1 and below that may in some cases allow a remote, unauthenticated attacker to trick an authorized user into executing unwanted actions via a crafted form. The impact to Confidentiality and Integrity vectors...

CVE-2024-25692

CVE-2024-25692 is a cross-site request forgery in Esri Portal for ArcGIS versions 11.1 and below. A remote, unauthenticated attacker could trick an authorized user into executing unwanted actions via a crafted form. The reported impact on confidentiality and integrity is limited and low; availabi...

CVE-2023-28744

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.1.1.15289. A specially crafted PDF document can trigger the reuse of previously freed memory by manipulating form fields of a specific type. This can lead to memory corruption and arbitrary...

PT-2023-3892 · Foxit · Foxit Pdf Reader +1

Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader version 12.1.1.15289 Foxit PDF Editor affected versions not specified Description: A use-after-free issue exists in the JavaScript engine, allowing an attacker to execute arbitrary code by manipulating form fields of a specif...