613 matches found
silverstripe/framework ReadOnly transformation for formfields exploitable
Form fields returning isReadonly as true are vulnerable to reflected XSS injections. This includes ReadonlyField, LookupField, HTMLReadonlyField, as well as special purpose fields like TimeFieldReadonly. Values submitted to through these form fields are not filtered out from the form session data...
GHSA-97JM-G33H-F46G silverstripe/framework ReadOnly transformation for formfields exploitable
Form fields returning isReadonly as true are vulnerable to reflected XSS injections. This includes ReadonlyField, LookupField, HTMLReadonlyField, as well as special purpose fields like TimeFieldReadonly. Values submitted to through these form fields are not filtered out from the form session data...
CVE-2024-32866
Conform, a type-safe form validation library, allows the parsing of nested objects in the form of object.property. Due to an improper implementation of this feature in versions prior to 1.1.1, an attacker can exploit the feature to trigger prototype pollution by passing a crafted input to...
CVE-2024-32866 Conform contains Prototype Pollution Vulnerability in `parseWith...` function
Conform, a type-safe form validation library, allows the parsing of nested objects in the form of object.property. Due to an improper implementation of this feature in versions prior to 1.1.1, an attacker can exploit the feature to trigger prototype pollution by passing a crafted input to...
CVE-2024-32866 Conform contains Prototype Pollution Vulnerability in `parseWith...` function
Conform, a type-safe form validation library, allows the parsing of nested objects in the form of object.property. Due to an improper implementation of this feature in versions prior to 1.1.1, an attacker can exploit the feature to trigger prototype pollution by passing a crafted input to...
CVE-2024-32866
CVE-2024-32866 concerns Conform, a type-safe form validation library. The issue enables prototype pollution through parsing of nested objects (object.property) in parseWith… functions due to an improper implementation in versions prior to 1.1.1. This affects server-side validation of form data or...
CVE-2024-32866 Conform contains Prototype Pollution Vulnerability in `parseWith...` function
Conform, a type-safe form validation library, allows the parsing of nested objects in the form of object.property. Due to an improper implementation of this feature in versions prior to 1.1.1, an attacker can exploit the feature to trigger prototype pollution by passing a crafted input to...
CVE-2024-24105
SQL Injection vulnerability in Code-projects Computer Science Time Table System 1.0 allows attackers to run arbitrary code via adminFormvalidation.php...
CVE-2024-24105
SQL Injection vulnerability in Code-projects Computer Science Time Table System 1.0 allows attackers to run arbitrary code via adminFormvalidation.php...
PT-2024-20273 · Unknown · Code-Projects Computer Science Time Table System
Name of the Vulnerable Software and Affected Versions: Code-projects Computer Science Time Table System version 1.0 Description: The issue allows attackers to run arbitrary code via the "adminFormvalidation.php" endpoint. This can be exploited by injecting malicious SQL code, potentially leading ...
CSRF vulnerability in Jenkins GitLab Branch Source Plugin
Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier does not require POST requests for a form validation endpoint, resulting in a cross-site request forgery CSRF vulnerability. This vulnerability allows attackers to connect to an attacker-specified URL. GitLab Branch Source Plugin...
GHSA-8R93-59CF-358F CSRF vulnerability in Jenkins GitLab Branch Source Plugin
Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier does not require POST requests for a form validation endpoint, resulting in a cross-site request forgery CSRF vulnerability. This vulnerability allows attackers to connect to an attacker-specified URL. GitLab Branch Source Plugin...
PT-2024-1421 · Jenkins +1 · Jenkins Gitlab Branch Source Plugin +2
Name of the Vulnerable Software and Affected Versions: Jenkins GitLab Branch Source Plugin versions 684.vea fa 7c1e2fe3 and earlier Description: The issue is related to a cross-site request forgery CSRF vulnerability. This vulnerability allows attackers to connect to an attacker-specified URL. Th...
Jenkins Nexus Platform Plugin Cross-Site Request Forgery vulnerability
Jenkins Nexus Platform Plugin 3.18.0-03 and earlier does not perform permission checks in methods implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another...
GHSA-PHJQ-7XQP-2526 Jenkins Nexus Platform Plugin Cross-Site Request Forgery vulnerability
Jenkins Nexus Platform Plugin 3.18.0-03 and earlier does not perform permission checks in methods implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another...
GHSA-4G5F-W3MH-W99M Jenkins Nexus Platform Plugin missing permission check
Jenkins Nexus Platform Plugin 3.18.0-03 and earlier does not perform permission checks in methods implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another...
CVE-2023-41944
Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not escape the queue name parameter passed to a form validation URL, when rendering an error message, resulting in an HTML injection vulnerability...
CVE-2023-41944
Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not escape the queue name parameter passed to a form validation URL, when rendering an error message, resulting in an HTML injection vulnerability...
CVE-2023-41100
An issue was discovered in the hcaptcha aka hCaptcha for EXT:form extension before 2.1.2 for TYPO3. It fails to check that the required captcha field is submitted in the form data. allowing a remote user to bypass the CAPTCHA check...
GHSA-223M-PGCQ-F3XG Jenkins Fortify Plugin HTML injection vulnerability
Jenkins Fortify Plugin 22.1.38 and earlier does not escape the error message for a form validation method. This results in an HTML injection vulnerability. Fortify Plugin 22.2.39 removes HTML tags from the error message...