HTML Injection

Umbraco Forms is vulnerable to HTML Injection. The vulnerability is due to lack of HTML encoding due to user-provided form values being directly embedded into emails without proper sanitization, enabling potential spoofing or bypass of email security systems...

WordPress plugin Everest Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

CVE-2024-13940

The Ninja Forms Webhooks plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.0.7 via the form webhook functionality. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitra...

CVE-2024-13940

CVE-2024-13940: Ninja Forms Webhooks for WordPress

CVE-2024-13940 Ninja Forms Webhooks <= 3.0.7 - Authenticated (Admin+) Server-Side Request Forgery via Form Webhook

The Ninja Forms Webhooks plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.0.7 via the form webhook functionality. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitra...

CVE-2024-13940 Ninja Forms Webhooks <= 3.0.7 - Authenticated (Admin+) Server-Side Request Forgery via Form Webhook

The Ninja Forms Webhooks plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.0.7 via the form webhook functionality. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitra...

CVE-2025-26841

Cross Site Scripting vulnerability in WPEVEREST Everest Forms before 3.0.9 allows an attacker to execute arbitrary code via a file upload...

PT-2025-21141 · WordPress · Ninja Forms Webhooks

Name of the Vulnerable Software and Affected Versions: Ninja Forms Webhooks plugin for WordPress versions up to, and including, 3.0.7 Description: The issue allows authenticated attackers with Administrator-level access and above to make web requests to arbitrary locations originating from the we...

WordPress plugin Ninja Forms Webhooks 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

WordPress Ninja Forms Webhooks plugin <= 3.0.7 - Authenticated (Admin+) Server-Side Request Forgery via Form Webhook vulnerability

Authenticated Admin+ Server-Side Request Forgery via Form Webhook vulnerability discovered by Francesco Carlucci in WordPress Plugin Ninja Forms Webhooks versions = 3.0.7...

Umbraco.Forms has HTML injection vulnerability in 'Send email' workflow

Impact The 'Send email' workflow does not HTML encode the user-provided field values in the sent email message, making any form with this workflow configured vulnerable, as it allows sending the message from a trusted system and address potentially bypassing spam and email client security systems...

GHSA-2QRJ-G9HQ-CHPH Umbraco.Forms has HTML injection vulnerability in 'Send email' workflow

Impact The 'Send email' workflow does not HTML encode the user-provided field values in the sent email message, making any form with this workflow configured vulnerable, as it allows sending the message from a trusted system and address potentially bypassing spam and email client security systems...

Cross-site Scripting (XSS)

org.graylog2:graylog2-server is vulnerable to Cross-site Scripting XSS. The vulnerability is due to insecure input handling due to the ability to inject and submit malicious HTML forms via the Event Definition Remediation Step field, which can result in session cookie theft under specific...

CVE-2025-47280

Umbraco Forms is a form builder that integrates with the Umbraco content management system. Starting in the 7.x branch and prior to versions 13.4.2 and 15.1.2, the 'Send email' workflow does not HTML encode the user-provided field values in the sent email message, making any form with this workfl...

CVE-2025-47280 Umbraco.Forms has HTML injection vulnerability in 'Send email' workflow

Umbraco Forms is a form builder that integrates with the Umbraco content management system. Starting in the 7.x branch and prior to versions 13.4.2 and 15.1.2, the 'Send email' workflow does not HTML encode the user-provided field values in the sent email message, making any form with this workfl...

CVE-2025-47280 Umbraco.Forms has HTML injection vulnerability in 'Send email' workflow

Umbraco Forms is a form builder that integrates with the Umbraco content management system. Starting in the 7.x branch and prior to versions 13.4.2 and 15.1.2, the 'Send email' workflow does not HTML encode the user-provided field values in the sent email message, making any form with this workfl...

CVE-2025-47280

Umbrao Forms HTML injection : The Send email workflow in Umbraco Forms (versions 7.x through just before 13.4.2 and 15.1.2) does not HTML-encode user-provided field values, allowing potential email spoofing or bypass of security checks. Affected forms can patch by updating to 13.4.2 or 15.1.2, or...

CVE-2025-47280 Umbraco.Forms has HTML injection vulnerability in 'Send email' workflow

Umbraco Forms is a form builder that integrates with the Umbraco content management system. Starting in the 7.x branch and prior to versions 13.4.2 and 15.1.2, the 'Send email' workflow does not HTML encode the user-provided field values in the sent email message, making any form with this workfl...

Cross-Site Scripting (XSS)

mezzanine is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper input sanitization in the "View Entries" feature within the Forms module, which allows an attacker to inject malicious scripts that execute in the context of another user's session...

Umbraco Forms 安全漏洞

Umbraco Forms is a form builder from Umbraco. A security vulnerability exists in Umbraco Forms versions 7.x through 13.4.2 and prior to 15.1.2, which stems from a Send Mail workflow that does not HTML-encode user-supplied field values, which could lead to a bypass of spam and email client securit...