Lucene search
K

33 matches found

EUVD
EUVD
added yesterday5 views

EUVD-2026-41053

Guardian language-system fails to sanitize the id GET parameter before inserting it into multiple HTML form action attributes in textfile.php lines 94, 101, 323, 403, 826, 852. An authenticated attacker can craft a URL that injects script tags executing in the victim's browser session...

4.8CVSS5.8AI score
Exploits0References2
CVE
CVE
added yesterday5 views

CVE-2026-34097

CVE-2026-34097 concerns Guardian Language-System. The vulnerability arises because text_file.php fails to sanitize the GET parameter id before it is inserted into multiple HTML form action attributes (lines 94, 101, 323, 403, 826, 852). This allows an authenticated attacker to craft a URL that in...

4.8CVSS5.8AI score
Exploits0References2
Cvelist
Cvelist
added yesterday29 views

CVE-2026-34097 Guardian Language-System XSS via id Parameter in text_file.php

Guardian language-system fails to sanitize the id GET parameter before inserting it into multiple HTML form action attributes in textfile.php lines 94, 101, 323, 403, 826, 852. An authenticated attacker can craft a URL that injects script tags executing in the victim's browser session...

4.8CVSS
Exploits0References2
NVD
NVD
added 2026/05/20 2:16 a.m.16 views

CVE-2026-8627

The Correct Prices plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in versions up to and including 1.0. This is due to the correctpricespage function echoing $SERVER'PHPSELF' into a form's action attribute without any input sanitization or...

6.1CVSS0.00221EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/20 1:25 a.m.8 views

CVE-2026-8627

The Correct Prices plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in versions up to and including 1.0. This is due to the correctpricespage function echoing $SERVER'PHPSELF' into a form's action attribute without any input sanitization or...

6.1CVSS6AI score0.00221EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/20 1:25 a.m.12 views

EUVD-2026-31023

The Correct Prices plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in versions up to and including 1.0. This is due to the correctpricespage function echoing $SERVER'PHPSELF' into a form's action attribute without any input sanitization or...

6.1CVSS6AI score0.00221EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 4:33 a.m.9 views

CVE-2023-5990

The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor WordPress plugin before 3.4.2 does not have CSRF checks on some of its form actions such as deletion and duplication, which could allow attackers to make logged in admin perform such actions via CSRF attacks...

6.5CVSS6.8AI score0.0027EPSS
Exploits2
OSV
OSV
added 2024/08/08 4:17 a.m.3 views

CVE-2024-6254

The Brizy – Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.1. This is due to missing or incorrect nonce validation on form submissions. This makes it possible for unauthenticated attackers to submit forms intended for public...

6.1CVSS5.6AI score0.0028EPSS
Exploits0References2
OSV
OSV
added 2024/05/23 2:41 p.m.6 views

GHSA-W8FQ-XGVH-CXC2 Silverstripe Forum Module CSRF Vulnerability

A number of form actions in the Forum module are directly accessible. A malicious user e.g. spammer can use GET requests to create Members and post to forums, bypassing CSRF and anti-spam measures. Additionally, a forum moderator could be tricked into clicking a specially crafted URL, resulting i...

5.3CVSS7.1AI score
Exploits0References5
NVD
NVD
added 2023/12/04 10:15 p.m.11 views

CVE-2023-5990

The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor WordPress plugin before 3.4.2 does not have CSRF checks on some of its form actions such as deletion and duplication, which could allow attackers to make logged in admin perform such actions via CSRF attacks...

6.5CVSS0.0027EPSS
Exploits2References1
Prion
Prion
added 2023/12/04 10:15 p.m.12 views

Cross site request forgery (csrf)

The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor WordPress plugin before 3.4.2 does not have CSRF checks on some of its form actions such as deletion and duplication, which could allow attackers to make logged in admin perform such actions via CSRF attacks...

4.3CVSS7.1AI score0.0027EPSS
Exploits2References1Affected Software1
SUSE CVE
SUSE CVE
added 2023/10/31 2:18 a.m.4 views

SUSE CVE-2023-46490

SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the formactions function in the managers.php function...

6.5CVSS7.7AI score0.01412EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2023/10/27 10:15 p.m.4 views

CVE-2023-46490

SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the formactions function in the managers.php function...

6.5CVSS6AI score0.01412EPSS
Exploits1References3
OSV
OSV
added 2023/10/27 10:15 p.m.0 views

DEBIAN-CVE-2023-46490

SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the formactions function in the managers.php function...

6.5CVSS6.8AI score0.01412EPSS
Exploits1References1
NVD
NVD
added 2023/10/27 10:15 p.m.17 views

CVE-2023-46490

SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the formactions function in the managers.php function...

6.5CVSS6.6AI score0.01412EPSS
Exploits1References2
Prion
Prion
added 2023/10/27 10:15 p.m.19 views

Sql injection

SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the formactions function in the managers.php function...

4CVSS6.6AI score0.01412EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2023/10/27 10:15 p.m.1 views

UBUNTU-CVE-2023-46490

SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the formactions function in the managers.php function...

6.5CVSS6AI score0.01412EPSS
Exploits1References5
CNNVD
CNNVD
added 2023/10/27 12:0 a.m.2 views

Cacti SQL Injection Vulnerability

Cacti is a set of open source network traffic monitoring and analysis tools from the Cacti team. The tool obtains data via snmpget, analyzes it using RRDtool drawing graphs, and provides data and user management features. A SQL injection vulnerability exists in Cacti v1.2.25, which stems from...

6.5CVSS7.7AI score0.01412EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/10/27 12:0 a.m.4 views

PT-2023-30050 · Cacti +2 · Cacti +2

Name of the Vulnerable Software and Affected Versions: Cacti version 1.2.25 Description: The issue allows a remote attacker to obtain sensitive information via the form actions function in the managers.php file. Recommendations: For Cacti version 1.2.25, consider disabling the form actions functi...

8.8CVSS7.2AI score0.84628EPSS
Exploits9References37
OSV
OSV
added 2023/02/17 3:15 p.m.2 views

CVE-2023-24388

Cross-Site Request Forgery CSRF vulnerability in WpDevArt Booking calendar, Appointment Booking System plugin = 3.2.3 versions affects plugin forms actions create, duplicate, edit, delete...

5.4CVSS6.1AI score0.00231EPSS
Exploits0References1
Rows per page
Query Builder