CVE-2022-0830
The FormBuilder WordPress plugin through 1.08 does not have CSRF checks in place when creating, updating and deleting forms, and does not sanitise or escape its form field values. As a result, attackers could make a logged-in admin update and delete arbitrary forms via a CSRF attack, and put...
CVE-2021-24168
The Easy Contact Form Pro WordPress plugin before 1.1.1.9 did not properly sanitise text fields such as Email Subject, Email Recipient, etc. when creating or editing a form, leading to an authenticated author+ stored cross-site scripting issue. This could allow medium-privilege accounts such a...
Informatica: Stored XSS on Informatica University via transcript (informatica.csod.com)
Hi, Vulnerable field: Training Description. Steps to reproduce: 1. Log in to your account and go to Informatica University. 2. You can either click on "My Training" or "Universal Profile" at the upper right-hand corner of the page. 3. You will then be redirected to the Universal Profile bio page, clic...
Fuse Talk vulnerability
e-zonemedia's Fuse Talk is vulnerable to malicious SQL. Improper form sanitization makes it possible for any user to manipulate data as she sees fit. On the sign-up form join.cfm it is possible to pass a well-crafted form variable to the action template; it's the same template subsequently join.cfm...