26 matches found
Missing Authorization
Overview typo3/cms-form is a Form Library, Plugin and Editor Affected versions of this package are vulnerable to Missing Authorization via the DataHandler. An attacker can execute unauthorized database queries and gain elevated privileges by directly manipulating form definition records, bypassin...
CVE-2024-36043
questionimage.ts in SurveyJS Form Library before 1.10.4 allows contentMode=youtube XSS via the imageLink property...
CVE-2024-36043
questionimage.ts in SurveyJS Form Library before 1.10.4 allows contentMode=youtube XSS via the imageLink property...
CVE-2024-36043
questionimage.ts in SurveyJS Form Library before 1.10.4 allows contentMode=youtube XSS via the imageLink property...
CVE-2024-36043
questionimage.ts in SurveyJS Form Library before 1.10.4 allows contentMode=youtube XSS via the imageLink property...
CVE-2024-36043
questionimage.ts in SurveyJS Form Library before 1.10.4 allows contentMode=youtube XSS via the imageLink property...
CVE-2024-36043
The CVE-2024-36043 issue affects SurveyJS Form Library prior to 1.10.4, where question_image.ts allows a contentMode=youtube XSS through the imageLink property. The documented impact is Cross Site Scripting via imageLink, requiring contentMode=youtube to exploit. Mitigation: upgrade to version 1....
SurveyJS Form Library 安全漏洞
SurveyJS Form Library is a free client-side component of SurveyJS open source using the MIT license. A security vulnerability exists in SurveyJS Form Library versions prior to 1.10.4 that stems from allowing cross-site scripting attacks via the imageLink attribute...
PT-2024-26860 · Unknown · Surveyjs Form Library
Name of the Vulnerable Software and Affected Versions: SurveyJS Form Library versions prior to 1.10.4 Description: The issue allows for contentMode=youtube XSS via the imageLink property in the question image.ts file. This can lead to a potential XSS attack when the contentMode is set to youtube...
SUSE CVE-2009-3236
The form library in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before 1.1.6 and 1.2 before 1.2.4; reuses temporary filenames during the upload process which allows remote attackers, with...
Django is vulnerable to Denial of Service attack in formset
The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 allows remote attackers to bypass intended resource limits for formsets and cause a denial of service memory consumption or trigger server errors via a modified maxnum parameter...
Django is vulnerable to Denial of Service attack in formset
The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 allows remote attackers to bypass intended resource limits for formsets and cause a denial of service memory consumption or trigger server errors via a modified maxnum parameter...
Description of the security update for SharePoint Enterprise Server 2016: January 11, 2022 (KB5002113)
Description of the security update for SharePoint Enterprise Server 2016: January 11, 2022 KB5002113 Summary This security update resolves a Microsoft Word remote code execution vulnerability, Microsoft Office remote code execution vulnerability, and Microsoft SharePoint Server remote code...
CVE-2013-0306
The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 allows remote attackers to bypass intended resource limits for formsets and cause a denial of service memory consumption or trigger server errors via a modified maxnum parameter...
CVE-2013-0306
The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 allows remote attackers to bypass intended resource limits for formsets and cause a denial of service memory consumption or trigger server errors via a modified maxnum parameter...
PYSEC-2013-17
The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 allows remote attackers to bypass intended resource limits for formsets and cause a denial of service memory consumption or trigger server errors via a modified maxnum parameter...
PYSEC-2013-17
The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 allows remote attackers to bypass intended resource limits for formsets and cause a denial of service memory consumption or trigger server errors via a modified maxnum parameter...
Design/Logic Flaw
The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 allows remote attackers to bypass intended resource limits for formsets and cause a denial of service memory consumption or trigger server errors via a modified maxnum parameter...
CVE-2013-0306
The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 allows remote attackers to bypass intended resource limits for formsets and cause a denial of service memory consumption or trigger server errors via a modified maxnum parameter...
CVE-2013-0306
The CVE-2013-0306 issue affects Django forms: the formset handling in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 does not enforce resource limits correctly due to a modified max_num parameter. This can allow remote attackers to bypass intended formset limits...