11 matches found
Open Redirect
Overview: n8n-nodes-base is the base nodes package of n8n. Affected versions of this package are vulnerable to Open Redirect via the Form Node when an authenticated user with workflow creation or modification permissions configures an unsanitized HTML description field or leverages an overly permissive ifram...
Eval Injection
Overview: n8n-nodes-base is the base nodes package of n8n. Affected versions of this package are vulnerable to Eval Injection. An attacker can execute arbitrary code on the host system by submitting specially crafted form data that is interpreted as an expression. Note: This is only exploitable if a workflow...
PT-2024-9543 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.21 and earlier. Description: The issue is related to a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious...
PT-2024-11731 · Unknown · Online Flight Booking Management System
Name of the Vulnerable Software and Affected Versions: Online Flight Booking Management System version 1.0. Description: The Online Flight Booking Management System contains a cross-site scripting (XSS) issue via the feedback form. This allows for potential malicious script injection. No information...
PT-2023-30086 · Totolink · Totolink X2000R
Name of the Vulnerable Software and Affected Versions: TOTOLINK X2000R Gh version 1.0.0-B20230221.0948.web. Description: A stack overflow issue was discovered in the function formFilter. Recommendations: For version 1.0.0-B20230221.0948.web, as a temporary workaround, consider disabling the...
PT-2023-30091 · Totolink · Totolink X2000R
Name of the Vulnerable Software and Affected Versions: TOTOLINK X2000R Gh version 1.0.0-B20230221.0948.web. Description: The issue is related to a stack overflow that occurs via the formDosCfg function. Recommendations: For TOTOLINK X2000R Gh version 1.0.0-B20230221.0948.web, as a temporary...
PT-2023-20773 · Sourcecodester · Sourcecodester Lost/Found Information System
Name of the Vulnerable Software and Affected Versions: SourceCodester Lost and Found Information System version 1.0. Description: A problematic issue affects the Contact Form component, specifically the file classes/Master.php?f=save inquiry. The manipulation of the fullname, contact, or message...
PT-2023-18381 · Dream Technology · Mica
Name of the Vulnerable Software and Affected Versions: Dream Technology mica versions up to 3.0.5. Description: A problematic issue has been identified, affecting an unknown function of the component Form Object Handler. This issue leads to cross-site scripting and can be exploited remotely...
PT-2022-27137 · Tenda · Tenda Ac18
Name of the Vulnerable Software and Affected Versions: Tenda AC18 version 15.03.05.19. Description: The issue is related to a Buffer Overflow that can be triggered via the formWifiWpsStart function. This can potentially allow for unauthorized access or code execution. Recommendations: For Tenda AC...
PT-2022-4008 · Jenkins · Jenkins Buckminster Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Buckminster Plugin versions 1.1.1 and earlier. Description: The issue is related to insufficient authorization procedures in the Jenkins Buckminster Plugin, allowing remote attackers with Overall/Read permission to gain unauthorized...
Cross-Site Request Forgery (CSRF) in hdinnovations/unit3d-community-edition
Description: Attacker is able to disable the form. Proof of Concept: When you are logged in, open this POC.html in a browser. You can put the website into maintenance mode. history.pushState('', '', '/') document.forms[0].submit(); Impact: This vulnerability is capable of disabling the website...