Statamic CMS has a Path Traversal in Asset Upload

Assets uploaded with appropriately crafted filenames may result in them being placed in a location different than what was configured. Impact - Affects front-end forms with assets fields. - Affects other places where assets can be uploaded, although users would need upload permissions anyway. -...

CVE-2024-51877

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in straightvisions GmbH SV Forms sv-forms allows DOM-Based XSS.This issue affects SV Forms: from n/a through = 2.0.05...

CVE-2024-50515

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Saturday Drive Ninja Forms allows Stored XSS.This issue affects Ninja Forms: from n/a through 3.8.16...

CVE-2024-50514

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Saturday Drive Ninja Forms allows Stored XSS.This issue affects Ninja Forms: from n/a through 3.8.16...

CVE-2024-50514

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kevin Stover Ninja Forms ninja-forms allows Stored XSS.This issue affects Ninja Forms: from n/a through = 3.8.16...

CVE-2024-50515

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kevin Stover Ninja Forms ninja-forms allows Stored XSS.This issue affects Ninja Forms: from n/a through = 3.8.16...

CVE-2024-50514

CVE-2024-50514 affects WordPress Ninja Forms plugin versions up to and including 3.8.16, with an improper neutralization of input during page generation leading to a stored XSS vulnerability. The issue is triggered in Ninja Forms’ web page generation flow and is classified with a low to moderate ...

CVE-2024-50514 WordPress Ninja Forms – The Contact Form Builder That Grows With You plugin <= 3.8.16 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kevin Stover Ninja Forms ninja-forms allows Stored XSS.This issue affects Ninja Forms: from n/a through = 3.8.16...

CVE-2024-50514 WordPress Ninja Forms – The Contact Form Builder That Grows With You plugin <= 3.8.16 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kevin Stover Ninja Forms ninja-forms allows Stored XSS.This issue affects Ninja Forms: from n/a through = 3.8.16...

CVE-2024-50515 WordPress Ninja Forms – The Contact Form Builder That Grows With You plugin <= 3.8.16 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kevin Stover Ninja Forms ninja-forms allows Stored XSS.This issue affects Ninja Forms: from n/a through = 3.8.16...

CVE-2024-50515

CVE-2024-50515 affects the WordPress Ninja Forms plugin (versions ≤ 3.8.16). The issue is an improper neutralization of input during page generation, leading to a Stored XSS vulnerability in Ninja Forms. According to Patchstack, the vulnerability requires Administrator privileges and is classifie...

CVE-2024-50515 WordPress Ninja Forms – The Contact Form Builder That Grows With You plugin <= 3.8.16 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kevin Stover Ninja Forms ninja-forms allows Stored XSS.This issue affects Ninja Forms: from n/a through = 3.8.16...

CVE-2024-51877 WordPress SV Forms plugin <= 2.0.05 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in straightvisions GmbH SV Forms sv-forms allows DOM-Based XSS.This issue affects SV Forms: from n/a through = 2.0.05...

CVE-2024-51877 WordPress SV Forms plugin <= 2.0.05 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in straightvisions GmbH SV Forms allows DOM-Based XSS.This issue affects SV Forms: from n/a through 2.0.05...

CVE-2024-51877

CVE-2024-51877 is a DOM-based XSS vulnerability in the WordPress plugin SV Forms by straightvisions GmbH, affecting SV Forms versions up to 2.0.05. The issue arises from improper neutralization of input during web page generation, enabling cross-site scripting. Exploitation context or in-the-wild...

CVE-2024-52600 Statamic CMS has Path Traversal in Asset Upload

Statmatic is a Laravel and Git powered content management system CMS. Prior to version 5.17.0, assets uploaded with appropriately crafted filenames may result in them being placed in a location different than what was configured. The issue affects front-end forms with assets fields and other plac...

CVE-2024-52600 Statamic CMS has Path Traversal in Asset Upload

Statmatic is a Laravel and Git powered content management system CMS. Prior to version 5.17.0, assets uploaded with appropriately crafted filenames may result in them being placed in a location different than what was configured. The issue affects front-end forms with assets fields and other plac...

WordPress MailChimp Forms by MailMunch Plugin <= 3.2.3 is vulnerable to Cross Site Scripting (XSS)

Software MailChimp Forms by MailMunch Type Plugin Vulnerable versions = 3.2.3 Fixed in 3.2.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8726 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d5af616af430 Credits vgo0...

WordPress plugin SV Forms 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress plugin Ninja Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...