Adobe Experience Manager cross-site scripting vulnerability (CNVD-2023-10147515)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

APSB23-77 : Security update available for Adobe Experience Manager Forms

Adobe has released security updates for AEM Forms on JEE versions 6.5.19.0 and earlier. This dependency update resolves a critical vulnerability that could lead to arbitrary code execution...

CVE-2023-49841

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in FancyThemes Optin Forms – Simple List Building Plugin for WordPress allows Stored XSS.This issue affects Optin Forms – Simple List Building Plugin for WordPress: from n/a through 1.3.3...

CVE-2023-49841

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in FancyThemes Optin Forms – Simple List Building Plugin for WordPress allows Stored XSS.This issue affects Optin Forms – Simple List Building Plugin for WordPress: from n/a through 1.3.3...

CVE-2023-49841

CVE-2023-49841 describes a Stored XSS in the Optin Forms – Simple List Building Plugin for WordPress (vulnerable up to 1.3.3/1.3.6 per sources). The root cause is improper input sanitization/output escaping in admin/settings-related paths, enabling authenticated attackers (Administrator) to injec...

CVE-2023-49841 WordPress Optin Forms Plugin <= 1.3.3 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in FancyThemes Optin Forms – Simple List Building Plugin for WordPress allows Stored XSS.This issue affects Optin Forms – Simple List Building Plugin for WordPress: from n/a through 1.3.3...

WordPress and WordPress plugin cross-site scripting vulnerabilities

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

Scammers Weaponize Google Forms in New BazarCall Attack

By Waqas BazarCall Evolves: Unraveling the Complexities of Google Forms in the Latest Phishing Tactics! This is a post from HackRead.com Read the original post: Scammers Weaponize Google Forms in New BazarCall Attack...

BazaCall Phishing Scammers Now Leveraging Google Forms for Deception

The threat actors behind the BazaCall call back phishing attacks have been observed leveraging Google Forms to lend the scheme a veneer of credibility. The method is an "attempt to elevate the perceived authenticity of the initial malicious emails," cybersecurity firm Abnormal Security said in a...

Jenkins PaaSLane Estimate Plugin Security Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

Umbraco Cross-Site Scripting Vulnerability

Umbraco is an open source Content Management System CMS written in C by the Danish company Umbraco. Umbraco suffers from a cross-site scripting vulnerability that originates from a user with access to specific parts of the backend being able to inject HTML code into unwanted forms...

PT-2023-7898 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.18 and earlier Description: The issue is related to a stored Cross-Site Scripting XSS vulnerability that could be exploited by a low-privileged attacker to inject malicious scripts into vulnerable form...

Optin Forms <= 1.3.6 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The Optin Forms – Simple List Building Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping. This makes it possible for...

Smart Forms < 2.6.85 - Subscriber+ Arbitrary Options Update

Description The plugin does not have authorisation in an AJAX action hooked to smartformssavesettings, and does not ensure that the option to be updated belong to the plugin. As a result, any authenticated users, such as subscriber could update arbitrary options such as defaultrole and...

Piotnet Forms < 1.0.29 - Unauthenticated Arbitrary File Upload

Description The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'piotnetformsajaxformbuilder' function in versions up to, and including, 1.0.28. This makes it possible for unauthenticated attackers to upload arbitrary file...

CVE-2023-47779

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in CRM Perks. Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.1.4...

CVE-2023-35909

Uncontrolled Resource Consumption vulnerability in Saturday Drive Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress leading to DoS.This issue affects Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress: from n/a through 3.6.25...

CVE-2023-35909

Uncontrolled Resource Consumption vulnerability in Saturday Drive Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress leading to DoS.This issue affects Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress: from n/a through 3.6.25...

CVE-2023-47779

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in CRM Perks. Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.1.4...

Denial of service

Uncontrolled Resource Consumption vulnerability in Saturday Drive Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress leading to DoS.This issue affects Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress: from n/a through 3.6.25...