7 matches found
EUVD-2026-26764
The Brizy – Page Builder plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to, and including, 2.8.11 This is due to a combination of missing nonce verification for unauthenticated form submissions, insufficient handling of FileUpload fields when ...
Simple multi step form - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-116
This module provides the ability to convert any entity form into a simple multi-step form. The module doesn’t sufficiently filter certain user-provided text leading to a cross-site scripting XSS vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with the...
DRUPAL-CONTRIB-2024-071
This module allows a site builder to create multi-step entity forms leveraging the Field Group field type plugins. The module doesn't escape plain text administrative configurations. An attacker with admin access could inject arbitrary JavaScript code. This vulnerability is mitigated by the fact...
March 22, 2017—KB4016637 (OS Build 10240.17320)
None None...
March 22, 2017—KB4016636 (OS Build 10586.842)
None None...
DEBIAN-CVE-2016-5730
phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to obtain sensitive information via vectors involving 1 an array value to FormDisplay.php, 2 incorrect data to validate.php, 3 unexpected data to Validator.php, 4 a missing config directory...
UBUNTU-CVE-2016-5730
phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to obtain sensitive information via vectors involving 1 an array value to FormDisplay.php, 2 incorrect data to validate.php, 3 unexpected data to Validator.php, 4 a missing config directory...