php: Erroneous parsing of multipart form data

A flaw was found in PHP's parsing of multipart form data contents, which affects both file and input form data. This may lead to legitimate data not being processed, violating data integrity. For example, if a multipart form data payload contains a valid prefix 'X' of the defined boundary B such...

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The solution supports mobile content management, marketing and sales campaign management, and multi-site management. A...

CVE-2023-49856

Missing Authorization vulnerability in RedNao Smart Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Forms: from n/a through 2.6.84...

CVE-2023-49856

Missing Authorization vulnerability in EDGARROJAS Smart Forms smart-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Forms: from n/a through = 2.6.84...

CVE-2023-23825 WordPress Spectra – WordPress Gutenberg Blocks plugin <= 2.3.0 - Broken Access Control + CSRF on Import_WPforms vulnerability

Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through 2.3.0...

CVE-2023-49856 WordPress Smart Forms plugin <= 2.6.84 - Authenticated Arbitrary Options Change Vulnerability

Missing Authorization vulnerability in EDGARROJAS Smart Forms smart-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Forms: from n/a through = 2.6.84...

CVE-2023-49856 WordPress Smart Forms plugin <= 2.6.84 - Authenticated Arbitrary Options Change Vulnerability

Missing Authorization vulnerability in EDGARROJAS Smart Forms smart-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Forms: from n/a through = 2.6.84...

Malicious code in Gunа.Forms.Net (NuGet)

--- -= Per source details. Do not edit below this line.=-...

WordPress Fluent Forms plugin < 5.2.1 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin FluentForm versions 5.2.1...

CVE-2024-9651

The Fluent Forms WordPress plugin before 5.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-9651

The Fluent Forms WordPress plugin before 5.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-9651 Contact Form Plugin by Fluent Forms < 5.2.1 - Admin+ Stored XSS

The Fluent Forms WordPress plugin before 5.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-9651 Contact Form Plugin by Fluent Forms < 5.2.1 - Admin+ Stored XSS

The Fluent Forms WordPress plugin before 5.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-9651

CVE-2024-9651 relates to the Fluent Forms WordPress plugin, prior to version 5.2.1, where insufficient sanitization/escaping of certain plugin settings permits stored XSS. The issue can be exploited by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (such as in multisi...

WordPress plugin Smart Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

WordPress plugin Fluent Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2024-11367

The Smoove connector for Elementor forms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 4.1.0. This makes it possible for unauthenticated attackers to inject arbitrary...

CVE-2024-11367 Smoove connector for Elementor forms <= 4.1.0 - Reflected Cross-Site Scripting

The Smoove connector for Elementor forms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 4.1.0. This makes it possible for unauthenticated attackers to inject arbitrary...

CVE-2024-11367

CVE-2024-11367 : The Smoove connector for Elementor forms (WordPress) suffers a reflected XSS due to unescaped add_query_arg usage in URLs for all versions up to 4.1.0. Exploitation requires user interaction (tricking a user into clicking a link), with unauthenticated attackers capable of injecti...

CVE-2024-11367 Smoove connector for Elementor forms <= 4.1.0 - Reflected Cross-Site Scripting

The Smoove connector for Elementor forms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 4.1.0. This makes it possible for unauthenticated attackers to inject arbitrary...