Keycloak Cross-site Scripting (XSS) via assertion consumer service URL in SAML POST-binding flow

Keycloak allows arbitrary URLs as SAML Assertion Consumer Service POST Binding URL ACS, including JavaScript URIs javascript:. Allowing JavaScript URIs in combination with HTML forms leads to JavaScript evaluation in the context of the embedding origin on form submission. Acknowledgements: Specia...

CVE-2024-32527

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jotform Jotform Online Forms allows Stored XSS.This issue affects Jotform Online Forms: from n/a through 1.3.1...

CVE-2024-32510

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Loopus WP Cost Estimation & Payment Forms Builder allows Reflected XSS.This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through 10.1.75...

CVE-2024-32130

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Paystack Payment Forms for Paystack allows Stored XSS.This issue affects Payment Forms for Paystack: from n/a through 3.4.1...

CVE-2024-32130 WordPress Payment Forms for Paystack plugin <= 3.4.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Paystack Payment Forms for Paystack allows Stored XSS.This issue affects Payment Forms for Paystack: from n/a through 3.4.1...

CVE-2024-32130 WordPress Payment Forms for Paystack plugin <= 3.4.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Paystack Payment Forms for Paystack allows Stored XSS.This issue affects Payment Forms for Paystack: from n/a through 3.4.1...

CVE-2024-32510 WordPress WP Cost Estimation & Payment Forms Builder plugin <= 10.1.75 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Loopus WP Cost Estimation & Payment Forms Builder allows Reflected XSS.This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through 10.1.75...

CVE-2024-32527

CVE-2024-32527 affects the Jotform Online Forms WordPress plugin (versions up to and including 1.3.1). The issue is Stored Cross‑Site Scripting caused by insufficient input sanitization and output escaping in shortcode attributes, exploitable by authenticated users with contributor level access a...

CVE-2024-32527 WordPress Jotform Online Forms plugin <= 1.3.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jotform Jotform Online Forms allows Stored XSS.This issue affects Jotform Online Forms: from n/a through 1.3.1...

CVE-2023-36505

Improper Input Validation vulnerability in Saturday Drive Ninja Forms Contact Form.This issue affects Ninja Forms Contact Form : from n/a through 3.6.24...

CVE-2023-36505

Improper Input Validation vulnerability in Saturday Drive Ninja Forms Contact Form.This issue affects Ninja Forms Contact Form : from n/a through 3.6.24...

CVE-2023-36505 WordPress Ninja Forms Plugin <= 3.6.24 is vulnerable to Arbitrary File Deletion

Improper Input Validation vulnerability in Saturday Drive Ninja Forms Contact Form.This issue affects Ninja Forms Contact Form : from n/a through 3.6.24...

CVE-2023-36505 WordPress Ninja Forms Plugin <= 3.6.24 is vulnerable to Arbitrary File Deletion

Improper Input Validation vulnerability in Saturday Drive Ninja Forms Contact Form.This issue affects Ninja Forms Contact Form : from n/a through 3.6.24...

CVE-2024-32509

Missing Authorization vulnerability in Loopus WP Cost Estimation & Payment Forms Builder.This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through 10.1.76...

CVE-2024-32509 WordPress WP Cost Estimation & Payment Forms Builder plugin <= 10.1.76 - Broken Access Control vulnerability

Missing Authorization vulnerability in Loopus WP Cost Estimation & Payment Forms Builder.This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through 10.1.76...

CVE-2024-32509

Technical details about CVE-2024-32509 (WP Cost Estimation & Payment Forms Builder) are not publicly provided in the supplied documents. Monitor for updates.

CVE-2024-32509 WordPress WP Cost Estimation & Payment Forms Builder plugin <= 10.1.76 - Broken Access Control vulnerability

Missing Authorization vulnerability in Loopus WP Cost Estimation & Payment Forms Builder.This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through 10.1.76...

WordPress Plugin Jotform Online Forms 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

WordPress Plugin Ninja Forms Contact Form 输入验证错误漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An input validation error...

PT-2024-24646 · Jotform · Jotform Online Forms

Name of the Vulnerable Software and Affected Versions: Jotform Online Forms versions 1.3.1 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for stored cross-site scripting XSS. This means that an attacker can inject malicio...