CVE-2024-39628 WordPress Ninja Forms plugin <= 3.8.6 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Saturday Drive Ninja Forms allows Cross Site Request Forgery. This issue affects Ninja Forms: from n/a through 3.8.6...
CVE-2024-39628
CVE-2024-39628 describes a CSRF vulnerability in the Ninja Forms WordPress plugin affecting versions
CVE-2024-43287
CVE-2024-43287 is a CSRF vulnerability in Brevo (Sendinblue) WordPress plugin forms (Newsletter, SMTP, Email marketing and Subscribe forms). The vulnerability affects Brevo forms up to version 3.1.82. The connected PT security entry recommends upgrading to 3.1.83 as the remediation. Other sources...
CVE-2024-43287 WordPress Brevo plugin <= 3.1.82 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Brevo Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue. This issue affects Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue: from n/a through 3.1.82...
WordPress plugin Ninja Forms cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
PT-2024-28564 · WordPress · Ninja Forms
Name of the Vulnerable Software and Affected Versions: Ninja Forms versions prior to 3.8.7. Description: A Cross-Site Request Forgery (CSRF) issue affects the Ninja Forms plugin, allowing unauthorized actions to be performed on behalf of a user. This issue can be exploited by an attacker to perform...
CVE-2024-43408
Discourse Placeholder Forms will let you build dynamic documentation. Unsanitized and stored user input was injected in the html of the post. The vulnerability is fixed in commit a62f711d5600e4e5d86f342d52932cb6221672e7...
CVE-2024-43408 Discourse Placeholder Forms has a XSS stopped by CSP
Discourse Placeholder Forms will let you build dynamic documentation. Unsanitized and stored user input was injected in the html of the post. The vulnerability is fixed in commit a62f711d5600e4e5d86f342d52932cb6221672e7...
PT-2024-30565 · Discourse · Discourse Placeholder Forms
Name of the Vulnerable Software and Affected Versions: Discourse Placeholder Forms, affected versions not specified. Description: The issue allows the creation of dynamic documentation but is affected by the injection of unsanitized and stored user input into the HTML of a post. This can potentiall...
CVE-2024-43370
gettext.js is a GNU gettext port for node and the browser. There is a cross-site scripting (XSS) injection if .po dictionary definition files are corrupted. This vulnerability has been patched in version 2.0.3. As a workaround, control the origin of the definition catalog to prevent the use of this...
CVE-2024-43370 gettext.js vulnerable to cross-site scripting (XSS)
gettext.js is a GNU gettext port for node and the browser. There is a cross-site scripting (XSS) injection if .po dictionary definition files are corrupted. This vulnerability has been patched in version 2.0.3. As a workaround, control the origin of the definition catalog to prevent the use of this...
gettext.js has a Cross-site Scripting injection
Impact: Possible vulnerability to XSS injection if .po dictionary definition files are corrupted. Patches: Update gettext.js to 2.0.3. Workarounds: Make sure you control the origin of the definition catalog to prevent the use of this flaw in the definition of plural forms...
CVE-2024-43233
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BannerSky BSK Forms Blacklist allows Reflected XSS. This issue affects BSK Forms Blacklist: from n/a through 3.8...
CVE-2024-43233
CVE-2024-43233 is a Reflected XSS in BSK Forms Blacklist (BannerSky) plugin. The issue arises from improper input neutralization during web page generation, enabling crafted input to be reflected back to the user and potentially execute script in the victim’s browser. Affected versions are the BS...