17 matches found
CVE-2026-3642
CVE-2026-3642 concerns the WordPress plugin e-shot form builder. It affects all versions up to and including 1.0.2, where the AJAX handler eshot_form_builder_update_field_data() lacks capability checks (current_user_can()) and nonce verification (check_ajax_referer()/wp_verify_nonce()). Registere...
CVE-2026-3642
The e-shot™ form builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.0.2. The eshot_form_builder_update_field_data() AJAX handler lacks any capability checks (current_user_can()) or nonce verification (check_ajax_referer()/wp_verify_nonce()). The function is...
EUVD-2026-4866
The Appointment Hour Booking – Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form field configuration parameters in all versions up to, and including, 1.5.60 due to insufficient input sanitization and output escaping on the 'Min length/characters' and 'Max...
The vulnerability of the Page and Field Configuration components of the Business Process Management tool in PeopleSoft Enterprise CC Common Application Objects of the Oracle PeopleSoft Products allows a hacker to gain access to read, modify, or delete data.
The vulnerability of the Page and Field Configuration components in the PeopleSoft Enterprise CC Common Application Objects business process management tool from the Oracle PeopleSoft Products family is related to deficiencies in access control. Exploiting this vulnerability could allow an attack...
CVE-2025-30735
Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft (component: Page and Field Configuration). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...
CVE-2025-27094 Tuleap allows default values to be cleared from field configuration
Tuleap is an open-source suite designed to improve software development management and collaboration. A malicious user with access to a tracker could force-reset certain field configurations, leading to potential information loss. The display time attribute for the date field, the size attribute...
CVE-2025-27094 Tuleap allows default values to be cleared from field configuration
Tuleap is an open-source suite designed to improve software development management and collaboration. A malicious user with access to a tracker could force-reset certain field configurations, leading to potential information loss. The display time attribute for the date field, the size attribute...
Cross site request forgery (csrf)
icingaweb2-module-jira provides integration with Atlassian Jira. Starting in version 1.3.0 and prior to version 1.3.2, template and field configuration forms perform the deletion action before user input is validated, including the cross site request forgery token. This issue is fixed in version...
UBUNTU-CVE-2022-25277
Drupal core sanitizes filenames with dangerous extensions upon upload (reference: SA-CORE-2020-012) and strips leading and trailing dots from filenames to prevent uploading server configuration files (reference: SA-CORE-2019-010). However, the protections for these two vulnerabilities previously did...
Fraction - Less critical - XSS vulnerability - SA-CONTRIB-2018-059
This module enables you to create fields for storing decimal values as two integers (numerator and denominator) for maximum precision. The module doesn't sufficiently filter XSS strings out of field labels. This vulnerability is mitigated by the fact that an attacker must have a role with the abili...
The color of the issue security field should be configurable or black
NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion: http://jira.atlassian.com/browse/JRACLOUD-36126. The color of the issue security field is red. Why? The color should be configurable or black, like other fields. I have already...
XSS in admin/ViewIssueFields.jspa
Reproduction: 1. Create custom fields with alert1 in name and/or description. 2. Go to 'Field Configurations' 3. Click 'Add Field Configuration', enter any text in 'Name' 4. Hit okay and wait for the page to refresh 5. Choose the config you just made - XSSed...
XSS in admin/ViewIssueFields.jspa
Reproduction: 1. Create custom fields with alert1 in name and/or description. 2. Go to 'Field Configurations' 3. Click 'Add Field Configuration', enter any text in 'Name' 4. Hit okay and wait for the page to refresh 5. Choose the config you just made - XSSed...
CSRF in the "configure custom field" Multi Checkboxes add new custom field option screen
The administration screen which facilitates the addition of new custom field options is vulnerable to CSRF, as it does not check that the atl_token submitted is in fact legitimate for the user submitting it (you can put in any value for the token field). To access this screen you can go to a url...
Moving an issue from a project with Issue Security to a project without does not clear out the security
To reproduce this issue, do the following: Create Project AAA. Create Project BBB. Create an Issue Level Security Scheme, and assign it to AAA only. Create a Clone of the Default Field Configuration Scheme. Hide the field Security Level on the Cloned copy. Assign the Cloned copy to BBB. Create a New...
Moving an issue from a project with Issue Security to a project without does not clear out the security
To reproduce this issue, do the following: Create Project AAA. Create Project BBB. Create an Issue Level Security Scheme, and assign it to AAA only. Create a Clone of the Default Field Configuration Scheme. Hide the field Security Level on the Cloned copy. Assign the Cloned copy to BBB. Create a New...
Moving an issue from a project with Issue Security to a project without does not clear out the security
To reproduce this issue, do the following: Create Project AAA. Create Project BBB. Create an Issue Level Security Scheme, and assign it to AAA only. Create a Clone of the Default Field Configuration Scheme. Hide the field Security Level on the Cloned copy. Assign the Cloned copy to BBB. Create a New...