31 matches found
EUVD-2020-18250
Malware in sbrugna...
EUVD-2001-0520
Malware in sbrugna...
EUVD-2005-2002
Malware in sbrugna...
EUVD-2020-7236
Malware in sbrugna...
CVE-2020-15161
In PrestaShop from version 1.6.0.4 and before version 1.7.6.8 an attacker is able to inject JavaScript while using the contact form. The problem is fixed in 1.7.6.8...
CVE-2019-13448
An issue was discovered in Sertek Xpare 3.67. The login form does not sanitize input data. Because of this, a malicious agent could exploit the vulnerable function in order to prepare an XSS payload to send to the product's clients...
CVE-2024-10075
The Jetpack WordPress plugin before 13.8 does not ensure that the post created by the Contact Form is only accessible to authorised users, which could allow unauthenticated users to run arbitrary shortcodes and block...
CVE-2025-3872 Privilege escalation by altering payload in contact form
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Centreon centreon-web User configuration form modules allows SQL Injection. A user with high privileges is able to become administrator by intercepting the contact form request and altering its...
CVE-2020-15178
In PrestaShop contactform module prestashop/contactform before version 4.3.0, an attacker is able to inject JavaScript while using the contact form. The message field was incorrectly unescaped, possibly allowing attackers to execute arbitrary JavaScript in a victim's browser...
FormBuilder <= 1.08 - Stored Cross-Site Scripting via CSRF
The plugin does not have CSRF checks in place when creating/updating and deleting forms, and does not sanitise as well as escape its form field values. As a result, attackers could make logged in admin update and delete arbitrary forms via a CSRF attack, and put Cross-Site Scripting payloads in...
CVE-2019-11761
CVE-2019-11761 affects Thunderbird (and Firefox/Firefox ESR) via an unintended access to a privileged JSONView object that has been cloned into content. The root cause is exposure of this object through a form using a data: URI, enabling access to privileged content and bypassing defense-in-depth...
File Manager < 3.1 - CSRF to Stored Cross-Site Scripting
The plugin is lacking CSRF as well as sanitisation checks, allowing attackers to perform CSRF attacks against logged in administrators and set an XSS payload in the publicpath setting...
osCommerce 2.3.4.1 Cross Site Request Forgery Vulnerability
Exploit for php platform in category web applications Exploit Title: osCommerce Add Admin User CSRF Vulnerability Exploit Author: Hesam Bazvand Download Link: https://www.oscommerce.com/Products&Download=oscom2341 Tested on: Windows 10 / Kali Linux Category: WebApps...
CVE-2016-9838
An issue was discovered in components/comusers/models/registration.php in Joomla! before 3.6.5. Incorrect filtering of registration form data stored to the session on a validation error enables a user to gain access to a registered user's account and reset the user's group mappings, username, and...
Feng Office 1.7.4 - Cross-Site Scripting
Feng Office 1.7.4 - Cross-Site Scripting source: https://www.securityfocus.com/bid/47049/info...
AccStatistics 1.1 - CSRF Vulnerability (Change Admin Settings)
No description provided by source. Title: AccStatistics v1.1 XSRF Vulnerability Change Admin Settings Author: Milos Zivanovic Date: 13. December 2009...
Maxwebportal <= 1.36 password.asp Change Password Exploit (1 - html)
No description provided by source. Hi, I'm Soroush Dalili from Grayhatz Security Group GSG. I found dangerous SQL injection in Maxwebportal version 1.35,1.36,2.0, 20050418 Next Remote user can inject his/her code in memKey var. and change other users password in password.asp Exploit codes to...
A.M.Y CSRF (change admin password)
Exploit for php platform in category web applications Exploit Title: A.M.Y CSRF change admin password Author: Jonturk75 Category: webapps Demo site: http://calendarscripts.info/demos/amy/admin.php Email me when a new advertiser signs up. 0day.today 2018-04-09...
Dotclear 2.4.1.2 - adminauth.php?login_data Cross-Site Scripting
Dotclear 2.4.1.2 - adminauth.php?login_data Cross-Site Scripting source: https://www.securityfocus.com/bid/52221/info Dotclear is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute...
Pragyan CMS 3.0 Beta - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/46683/info Pragyan CMS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in th...