Lucene search
+L

2994 matches found

Cvelist
Cvelist
added 2022/06/06 8:51 a.m.23 views

CVE-2022-1569 WordPress Forms by Pie Forms < 1.4.9.4 - Admin+ Stored Cross-Site Scripting

The Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more! WordPress plugin before 1.4.9.4 does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks...

5.1AI score0.00565EPSS
Exploits2References1
Github Security Blog
Github Security Blog
added 2022/06/01 8:25 p.m.45 views

Cross-site Scripting in Filter Stream Converter Application in XWiki Platform

Impact We found a possible XSS vector in the Filter.FilterStreamDescriptorForm wiki page related to pretty much all the form fields printed in the home page of the application. Patches The issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, 13.10.3. Workarounds The easiest workaround is to...

7.4CVSS5.7AI score0.00921EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2022/05/24 10:29 p.m.3 views

Cross-site Scripting (XSS)

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Cross-site Scripting XSS via form fields. An attacker can execute arbitrary JavaScript in the context of a victim's browser by injecting malicious scripts into vulnerable...

6.5CVSS5.7AI score0.01405EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2022/05/24 10:29 p.m.6 views

Magento stored cross-site scripting vulnerability

Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by a stored cross-site scripting vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s brows...

6.5CVSS6AI score0.01405EPSS
Exploits0References3Affected Software2
Github Security Blog
Github Security Blog
added 2022/04/16 12:0 a.m.6 views

Liferay Portal and Liferay DXP allows arbitrary injection via form field

Multiple cross-site scripting XSS vulnerabilities in Dynamic Data Mapping Form Field Type before 6.0.11 from Liferay Portal 7.3.5 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allow remote attackers to inject arbitrary web script or HTML via a form field's help text to 1 Forms module's...

6.1CVSS6AI score0.00697EPSS
Exploits0References5Affected Software2
ATTACKERKB
ATTACKERKB
added 2022/04/08 7:15 p.m.4 views

CVE-2021-43498

An Access Control vulnerability exists in ATutor 2.2.4 in passwordreminder.php when the g, id, h, formpasswordhidden, and formchange HTTP POST parameters are set...

7.5CVSS5.8AI score0.01616EPSS
Exploits1References3
NVD
NVD
added 2022/04/04 4:15 p.m.22 views

CVE-2022-0884

The Profile Builder WordPress plugin before 3.6.8 does not sanitise and escape Form Fields titles and description, which could allow high privilege user such as admin to perform Criss-Site Scripting attacks even when unfilteredhtml is disallowed...

4.8CVSS0.00644EPSS
Exploits1References2
OSV
OSV
added 2022/04/04 4:15 p.m.6 views

CVE-2022-0884

The Profile Builder WordPress plugin before 3.6.8 does not sanitise and escape Form Fields titles and description, which could allow high privilege user such as admin to perform Criss-Site Scripting attacks even when unfilteredhtml is disallowed...

4.8CVSS5.8AI score0.00644EPSS
Exploits1References2
Prion
Prion
added 2022/04/04 4:15 p.m.16 views

Cross site scripting

The Profile Builder WordPress plugin before 3.6.8 does not sanitise and escape Form Fields titles and description, which could allow high privilege user such as admin to perform Criss-Site Scripting attacks even when unfilteredhtml is disallowed...

3.5CVSS4.9AI score0.00644EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2022/04/04 3:35 p.m.89 views

CVE-2022-0884

CVE-2022-0884 affects the WordPress plugin Profile Builder prior to 3.6.8. The vulnerability arises from insufficient sanitization/escaping of Form Fields titles and descriptions, enabling a high-privilege user (e.g., admin) to perform stored cross-site scripting attacks even when unfiltered_html...

4.8CVSS4.9AI score0.00644EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2022/01/18 12:0 a.m.5 views

PT-2022-10753 · Softvibe · Softvibe Saraban For Infoma

Name of the Vulnerable Software and Affected Versions: SoftVibe SARABAN for INFOMA version 1.1 Description: The issue allows users to store scripts in certain fields, such as subject and description, of the document form, enabling stored cross-site scripting XSS. Recommendations: For SoftVibe...

5.4CVSS5.1AI score0.00809EPSS
Exploits1References7
OSV
OSV
added 2022/01/13 9:15 p.m.4 views

CVE-2021-43765

AEM's Cloud Service offering, as well as version 6.5.10.0 and below are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they...

6.1CVSS5.8AI score0.01593EPSS
Exploits0References1
NVD
NVD
added 2022/01/13 9:15 p.m.22 views

CVE-2021-44177

AEM's Cloud Service offering, as well as version 6.5.10.0 and below are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they...

8.1CVSS0.01593EPSS
Exploits0References1
OSV
OSV
added 2022/01/13 9:15 p.m.5 views

CVE-2021-43761

AEM's Cloud Service offering, as well as versions 6.5.7.0 and below, 6.4.8.3 and below and 6.3.3.8 and below are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be...

5.4CVSS6AI score0.01071EPSS
Exploits0References1
Prion
Prion
added 2022/01/13 9:15 p.m.22 views

Cross site scripting

AEM's Cloud Service offering, as well as version 6.5.10.0 and below are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they...

4.3CVSS6AI score0.01593EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2022/01/13 9:15 p.m.29 views

Cross site scripting

AEM's Cloud Service offering, as well as version 6.5.10.0 and below are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they...

4.3CVSS6AI score0.01593EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/01/13 8:27 p.m.21 views

CVE-2021-44177 Adobe Experience Manager Stored XSS in user name parameter in the package manager

AEM's Cloud Service offering, as well as version 6.5.10.0 and below are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they...

8.1CVSS7.5AI score0.01593EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2022/01/05 12:0 a.m.9 views

Contact Form & Lead Form Elementor Builder < 1.7.0 - Multiple Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its form fields before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC Create/Edit a form and put the following payload in a Filed Name or...

2.4AI score0.00536EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2021/11/15 12:0 a.m.156 views

NEX-Forms <= 7.9.4 - Multiple Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its settings and form fields before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. In Global Setting Preferences Validation, put the following...

4.8CVSS5AI score0.00305EPSS
Exploits2
ATTACKERKB
ATTACKERKB
added 2021/11/08 9:15 p.m.4 views

CVE-2021-40261

Multiple Cross Site Scripting XSS vulnerabilities exist in SourceCodester CASAP Automated Enrollment System 1.0 via the 1 userusername and 2 category parameters in saveclass.php, the 3 firstname, 4 class, and 5 status parameters in studenttable.php, the 6 category and 7 classname parameters in...

6.1CVSS5.8AI score0.00641EPSS
Exploits1References2
Rows per page
Query Builder