10 matches found

NVD
added 2026/05/11 4:17 p.m. | 9 views

CVE-2026-44199

Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to form pages could delete submissions to form pages they don't have access to by crafting a form submission to delete submissions on a page they do have access to f...

CVSS 6.5 | EPSS 0.00031
Exploits: 0 | References: 1

Packet Storm
added 2026/03/10 12:0 a.m. | 95 views

SPIP Saisies 5.11.0 Remote Code Execution

This Metasploit module exploits an unauthenticated PHP code injection in the SPIP Saisies plugin. The anciennesvaleurs form parameter is interpolated unsanitized into a hidden field rendered with interdirescripts=false, allowing direct PHP code execution via template eval. Exploitation requires a...

CVSS 9.8 | AI score 6.2 | EPSS 0.85415
Exploits: 5

Positive Technologies
added 2025/09/01 12:0 a.m. | 2 views

PT-2025-35443

Name of the Vulnerable Software and Affected Versions: deepakmisal24 Chemical Inventory Management System version 1.0 Description: A vulnerability exists in deepakmisal24 Chemical Inventory Management System version 1.0. Manipulation of the chem name argument in the /inventory form.php file can...

CVSS 6.5 | AI score 6.6 | EPSS 0.00059
Exploits: 1 | References: 9

NVD
added 2020/07/20 6:15 p.m. | 8 views

CVE-2020-15118

In Wagtail before versions 2.7.4 and 2.9.3, when a form page type is made available to Wagtail editors through the wagtail.contrib.forms app, and the page template is built using Django's standard form rendering helpers such as form.as_p, any HTML tags used within a form field's help text will be...

CVSS 5.7 | AI score 5.5 | EPSS 0.00595
Exploits: 0 | References: 5

Cvelist
added 2020/07/20 5:50 p.m. | 11 views

CVE-2020-15118 Cross-Site Scripting in Wagtail

In Wagtail before versions 2.7.4 and 2.9.3, when a form page type is made available to Wagtail editors through the wagtail.contrib.forms app, and the page template is built using Django's standard form rendering helpers such as form.as_p, any HTML tags used within a form field's help text will be...

CVSS 5.7 | AI score 5.5 | EPSS 0.00595
Exploits: 0 | References: 5

CVE
added 2020/07/20 5:50 p.m. | 77 views

CVE-2020-15118

CVE-2020-15118 affects Wagtail versions before 2.7.4 and 2.9.3, where HTML in form field help_text can be rendered unescaped when using Django form rendering helpers (e.g., form.as_p). This enables potential cross-site scripting via editor-controlled help text. Patches are available: Wagtail 2.7....

CVSS 5.7 | AI score 5.4 | EPSS 0.00595
Exploits: 0 | References: 5 | Affected Software: 1

Veracode
added 2019/06/06 8:24 a.m. | 20 views

Cross-site Scripting (XSS)

HAPI FHIR TestPage Overlay is vulnerable to cross-site scripting (XSS). The parameters passed through the HTTP request to be displayed in a form page are not sanitized, allowing an attacker to inject a malicious script...

CVSS 6.1 | AI score 5.7 | EPSS 0.0029
Exploits: 0 | References: 3 | Affected Software: 1

GitLab Advisory Database
added 2019/06/05 12:0 a.m. | 18 views

Cross-site Scripting

XSS exists in the HAPI FHIR testpage overlay module of the HAPI FHIR library. The attack involves unsanitized HTTP parameters being output in a form page, allowing attackers to leak cookies and other sensitive information from ca/uhn/fhir/to/BaseController.java via a specially crafted URL. This...

CVSS 6.1 | AI score 2.5 | EPSS 0.0029
Exploits: 0 | References: 4 | Affected Software: 1

Prion
added 2017/03/03 4:59 p.m. | 9 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in Umbraco before 7.4.0 allow remote attackers to inject arbitrary web script or HTML via the name parameter to (1) the media page, (2) the developer data edit page, or (3) the form page...

CVSS 5 | AI score 6 | EPSS 0.002
Exploits: 1 | References: 2 | Affected Software: 1

NVD
added 2017/03/03 4:59 p.m. | 10 views

CVE-2015-8815

Multiple cross-site scripting (XSS) vulnerabilities in Umbraco before 7.4.0 allow remote attackers to inject arbitrary web script or HTML via the name parameter to (1) the media page, (2) the developer data edit page, or (3) the form page...

CVSS 6.1 | AI score 6.1 | EPSS 0.002
Exploits: 1 | References: 2