WordPress Gravity Forms Toolbar Plugin <= 1.7.0 is vulnerable to Cross Site Scripting (XSS)

Software Gravity Forms Toolbar Type Plugin Vulnerable versions = 1.7.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8718 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 56480313412d Credits Webbernaut...

WordPress Keap Official Opt-in Forms plugin <= 2.0.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin Keap Official Opt-in Forms versions = 2.0.3...

WordPress Zoho forms plugin <= 4.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Zoho Forms versions = 4.0...

WordPress BSK Forms Blacklist plugin <= 3.8.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Le Ngoc Anh Patchstack Alliance in WordPress Plugin BSK Forms Blacklist versions = 3.8.1...

WordPress Quill Forms plugin <= 3.7.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Quill Forms versions = 3.7.0...

WordPress NEX-Forms plugin <= 8.7.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Le Ngoc Anh Patchstack Alliance in WordPress Plugin NEX-Forms versions = 8.7.3...

WordPress Keap Official Opt-in Forms Plugin <= 2.0.1 is vulnerable to Cross Site Scripting (XSS)

Software Keap Official Opt-in Forms Type Plugin Vulnerable versions = 2.0.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47642 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID bd939afd94d0 Credits stealthcopter Required...

WordPress Zoho Forms Plugin <= 4.0 is vulnerable to Cross Site Scripting (XSS)

Software Zoho Forms Type Plugin Vulnerable versions = 4.0 Fixed in 4.0.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47633 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID cd73af6a9904 Credits Trương Hữu Phúc truonghuuphuc Required...

WordPress BSK Forms Blacklist Plugin <= 3.8.1 is vulnerable to Cross Site Scripting (XSS)

Software BSK Forms Blacklist Type Plugin Vulnerable versions = 3.8.1 Fixed in 3.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47624 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID e1ac0fe32043 Credits Le Ngoc Anh Required privilege...

WordPress Quill Forms Plugin <= 3.7.0 is vulnerable to Cross Site Scripting (XSS)

Software Quill Forms Type Plugin Vulnerable versions = 3.7.0 Fixed in 3.8.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47393 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 34a391a0728b Credits LVT-tholv2k Required privilege Contributor...

WordPress NEX-Forms – Ultimate Form Builder Plugin <= 8.7.3 is vulnerable to Cross Site Scripting (XSS)

Software NEX-Forms – Ultimate Form Builder Type Plugin Vulnerable versions = 8.7.3 Fixed in 8.7.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47389 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6ed1c15130e3 Credits Le Ngoc Anh...

Malicious code in o-forms (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 25b374e8cd180dff7ae84c9c314413e3245035666189a4ba5c9e0a7fd6b1c201 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-8993 Malicious code in o-forms (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 25b374e8cd180dff7ae84c9c314413e3245035666189a4ba5c9e0a7fd6b1c201 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Hospital Management System 安全漏洞

Hospital Management System HMS is a computer system that helps manage healthcare-related information and helps healthcare providers do their jobs efficiently. A security vulnerability exists in Hospital Management System version 6.3.5 that stems from the presence of a cross-site request forgery...

WordPress Ninja Forms Contact Form plugin <= 3.8.15 - Reflected Self-Based Cross-Site Scripting via Referer vulnerability

Reflected Self-Based Cross-Site Scripting via Referer vulnerability discovered by wesley wcraft in WordPress Plugin Ninja Forms versions = 3.8.15...

CVE-2024-3866

The Ninja Forms Contact Form plugin for WordPress is vulnerable to Reflected Self-Based Cross-Site Scripting via the 'Referer' header in all versions up to, and including, 3.8.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

CVE-2024-3866

The Ninja Forms Contact Form plugin for WordPress is vulnerable to Reflected Self-Based Cross-Site Scripting via the 'Referer' header in all versions up to, and including, 3.8.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

CVE-2024-3866 Ninja Forms Contact Form <= 3.8.15 - Reflected Self-Based Cross-Site Scripting via Referer

The Ninja Forms Contact Form plugin for WordPress is vulnerable to Reflected Self-Based Cross-Site Scripting via the 'Referer' header in all versions up to, and including, 3.8.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

CVE-2024-3866 Ninja Forms Contact Form <= 3.8.15 - Reflected Self-Based Cross-Site Scripting via Referer

The Ninja Forms Contact Form plugin for WordPress is vulnerable to Reflected Self-Based Cross-Site Scripting via the 'Referer' header in all versions up to, and including, 3.8.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

CVE-2024-3866

CVE-2024-3866 refers to the Ninja Forms Contact Form plugin for WordPress, vulnerable up to version 3.8.15. The issue is a Reflected Self-Based Cross-Site Scripting via the Referer header caused by insufficient input sanitization and output escaping. It can allow unauthenticated attackers to inje...