8214 matches found
WordPress plugin Flo Forms - Easy Drag & Drop Form Builder 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabili...
WordPress Newsletter, SMTP, Email marketing and Subscribe forms Plugin < 3.1.61 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:sendinblue:newsletter%2csmtp%2cemailmarketingandsubscribe"; ...
WordPress Newsletter, SMTP, Email marketing and Subscribe forms Plugin < 3.1.25 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:sendinblue:newsletter%2csmtp%2cemailmarketingandsubscribe"; ...
WordPress Newsletter, SMTP, Email marketing and Subscribe forms Plugin < 3.1.31 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:sendinblue:newsletter%2csmtp%2cemailmarketingandsubscribe"; ...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2023-100302)
Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
WordPress Flo Forms Plugin <= 1.0.40 is vulnerable to Cross Site Scripting (XSS)
Software Flo Forms Type Plugin Vulnerable versions = 1.0.40 Fixed in 1.0.41 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-35095 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 80a812c3a1fb Credits yuyudhn Required privilege...
GHSA-4G42-GQRG-4633 Apache Struts vulnerable to memory exhaustion
Denial of service via out of memory OOM owing to no sanity limit on normal form fields in multipart forms. When a Multipart request has non-file normal form fields, Struts used to bring them into memory as Strings without checking their sizes. This could lead to an OOM if developer has set...
Apache Struts vulnerable to memory exhaustion
Denial of service via out of memory OOM owing to no sanity limit on normal form fields in multipart forms. When a Multipart request has non-file normal form fields, Struts used to bring them into memory as Strings without checking their sizes. This could lead to an OOM if developer has set...
CVE-2023-34396 Apache Struts: DoS via OOM owing to no sanity limit on normal form fields in multipart forms
Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater...
CVE-2023-34396 Apache Struts: DoS via OOM owing to no sanity limit on normal form fields in multipart forms
Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater...
CVE-2023-2563
The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.7. This is due to missing or incorrect nonce validation on the function accuaformsformeditaction. This makes it possible for unauthenticated attackers to...
CVE-2023-2563
The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.7. This is due to missing or incorrect nonce validation on the function accuaformsformeditaction. This makes it possible for unauthenticated attackers to...
CVE-2023-2563
The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.7. This is due to missing or incorrect nonce validation on the function accuaformsformeditaction. This makes it possible for unauthenticated attackers to...
Cross site request forgery (csrf)
The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.7. This is due to missing or incorrect nonce validation on the function accuaformsformeditaction. This makes it possible for unauthenticated attackers to...
CVE-2023-2563 WordPress Contact Forms by Cimatti <= 1.5.7 - Cross-Site Request Forgery via _accua_forms_form_edit_action
The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.7. This is due to missing or incorrect nonce validation on the function accuaformsformeditaction. This makes it possible for unauthenticated attackers to...
CVE-2023-2563 WordPress Contact Forms by Cimatti <= 1.5.7 - Cross-Site Request Forgery via _accua_forms_form_edit_action
The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.7. This is due to missing or incorrect nonce validation on the function accuaformsformeditaction. This makes it possible for unauthenticated attackers to...
CVE-2023-2563
CVE-2023-2563 relates to the WordPress plugin WordPress Contact Forms by Cimatti. It is a Cross-Site Request Forgery (CSRF) vulnerability in versions up to and including 1.5.7 caused by missing/incorrect nonce validation in the function _accua_forms_form_edit_action. This flaw allows unauthentica...
PT-2023-3359 · Apache +1 · Apache Struts +1
Name of the Vulnerable Software and Affected Versions: Apache Struts versions through 2.5.30 Apache Struts versions through 6.1.2 Description: The issue is related to the allocation of resources without limits or throttling, which can lead to a denial of service via out of memory OOM due to no...
WordPress Contact Forms by Cimatti Plugin <= 1.5.7 is vulnerable to Cross Site Request Forgery (CSRF)
Software Contact Forms by Cimatti Type Plugin Vulnerable versions = 1.5.7 Fixed in 1.5.8 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-2563 Patch priority Low CVSS severity Low 4.3 Developer Cimatti Consulting PSID 97f12f8b32ae Credits Marco...
WordPress Contact Forms by Cimatti < 1.5.8 - Cross-Site Request Forgery
The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...