40 matches found
PT-2024-17481 · Bit Form · The Contact Form By Bit Form
Name of the Vulnerable Software and Affected Versions: The Contact Form by Bit Form versions up to, and including, 2.17.3 Description: The issue is related to unauthorized access of data due to a missing capability check on the "bitform-form-entry-edit" endpoint. This allows authenticated attacke...
PT-2024-18188 · Bit Form · Contact Form Builder Plugin
Name of the Vulnerable Software and Affected Versions: The Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form plugin for WordPress versions up to, and including, 2.10.1 Description: The issue is related to insufficient user validation on the...
CVE-2023-0695
The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mf' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level permissions or above, to inject...
Cross site scripting
A vulnerability classified as problematic has been found in OpenMRS HTML Form Entry UI Framework Integration Module up to 1.x. This affects an unknown part. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 2.0.0 is able to addres...
CVE-2021-4284
OpenMRS HTML Form Entry UI Framework Integration Module (up to 1.x) contains a cross-site scripting vulnerability. The affected component is tied to the Single-Input UI Framework Integration Module, with remote initiation possible and no specific affected version beyond 1.x identified in the prov...
PT-2022-11701 · Openmrs · Openmrs Html Form Entry Ui Framework Integration Module
Name of the Vulnerable Software and Affected Versions: OpenMRS HTML Form Entry UI Framework Integration Module versions up to 1.x Description: A vulnerability has been found in the OpenMRS HTML Form Entry UI Framework Integration Module, which affects an unknown part and leads to cross-site...
OpenMRS 跨站脚本漏洞
OpenMRS is an open source electronic medical record system from OpenMRS, Inc. A cross-site scripting vulnerability exists in OpenMRS openmrs-module-htmlformentryui versions prior to 2.0.0, which stems from an unknown portion of the Single-Input UI Framework Integration Module, where manipulation...
Design/Logic Flaw
The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.2, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 6, does not properly check user permissions, which allows remote attackers with the forms "Access in Site Administration" permission to vi...
CVE-2020-22276
WeForms Wordpress Plugin 1.4.7 allows CSV injection via a form's entry...
Input validation
WeForms Wordpress Plugin 1.4.7 allows CSV injection via a form's entry...
Path traversal
A remote code execution RCE vulnerability was discovered in the htmlformentry aka HTML Form Entry module before 3.11.0 for OpenMRS. By leveraging path traversal, a malicious Velocity Template Language file could be written to a directory. This file could then be accessed and executed...
CVE-2020-24621
A remote code execution RCE vulnerability was discovered in the htmlformentry aka HTML Form Entry module before 3.11.0 for OpenMRS. By leveraging path traversal, a malicious Velocity Template Language file could be written to a directory. This file could then be accessed and executed...
OpenMRS openmrs-module-htmlformentry input validation error vulnerability
OpenMRS is a U.S. OpenMRS company's set of open source electronic medical record system . openmrs-module-htmlformentry is one of the HTML form input module . An input validation error vulnerability exists in OpenMRS openmrs-module-htmlformentry version 3.3.2. The vulnerability stems from a networ...
Xxe
An XML External Entity XXE vulnerability exists in HTML Form Entry 3.7.0, as distributed in OpenMRS Reference Application 2.8.0...
CVE-2018-16521
An XML External Entity XXE vulnerability exists in HTML Form Entry 3.7.0, as distributed in OpenMRS Reference Application 2.8.0...
CVE-2018-16521
An XML External Entity XXE vulnerability exists in HTML Form Entry 3.7.0, as distributed in OpenMRS Reference Application 2.8.0...
CVE-2018-16521
An XML External Entity XXE vulnerability exists in HTML Form Entry 3.7.0, as distributed in OpenMRS Reference Application 2.8.0...
CVE-2012-2643
Cross-site scripting XSS vulnerability in KENT-WEB YY-BOARD before 6.4 allows remote attackers to inject arbitrary web script or HTML via a crafted form entry...
Cross site scripting
Cross-site scripting XSS vulnerability in KENT-WEB YY-BOARD before 6.4 allows remote attackers to inject arbitrary web script or HTML via a crafted form entry...
CVE-2012-2643
Cross-site scripting XSS vulnerability in KENT-WEB YY-BOARD before 6.4 allows remote attackers to inject arbitrary web script or HTML via a crafted form entry...