Kiteworks Secure Data Forms 代码问题漏洞

Kiteworks Secure Data Forms is a data interaction tool provided by the American company Kiteworks, which offers capabilities for secure data collection and form submission management. Versions of Kiteworks Secure Data Forms prior to 9.2.1 had code vulnerabilities due to lack of validation, which...

CVE-2025-55040

The import form CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to upload and install malicious form definitions through a CSRF attack. The vulnerable cForm.importform function lacks CSRF token validation, enabling malicious websites to forge file upload requests that install...

Cross-site Scripting (XSS)

apachesuperset is vulnerable to Cross-Site Scripting XSS attacks. The library does not properly render user inputs via the Upload data forms endpoint, allowing an authenticated attacker with database connection update permissions to inject and execute malicious JavaScript...

Design/Logic Flaw

Upload data forms do not correctly render user input leading to possible XSS attack vectors that can be performed by authenticated users with database connection update permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0...

PT-2023-14303 · Apache · Apache Superset

Name of the Vulnerable Software and Affected Versions: Apache Superset versions 1.5.2 and prior Apache Superset version 2.0.0 Description: The issue arises from upload data forms not correctly rendering user input, leading to possible XSS attack vectors. These attacks can be performed by...