WordPress Torro Forms plugin <= 1.0.16 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien Patchstack Alliance in WordPress Torro Forms plugin versions = 1.0.16. Solution Deactivate and delete. No reply from the vendor...

GHSA-FCG8-MG9G-6HC4 .NET Denial of Service Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 5.0 and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in .NET 6.0, .NET 5....

.NET Denial of Service Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 5.0 and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in .NET 6.0, .NET 5....

CVE-2022-27558

HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. Custom password policies are not enforced on certain iNotes forms which could allow users to set weak passwords, leading to easier cracking...

CVE-2022-37160

Claroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. By combining the XSS vulnerability present in several upload forms and a javascript request to the present API, it is possible to trigger the creation of a user with...

CVE-2022-37160

Claroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. By combining the XSS vulnerability present in several upload forms and a javascript request to the present API, it is possible to trigger the creation of a user with...

Cross site scripting

Claroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. By combining the XSS vulnerability present in several upload forms and a javascript request to the present API, it is possible to trigger the creation of a user with...

PT-2022-23848 · Claroline · Claroline

Name of the Vulnerable Software and Affected Versions: Claroline versions 13.5.7 and prior Description: The issue allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. This can be achieved by combining an XSS vulnerability present in several uploa...

August 25, 2022-KB5016594 Cumulative Update Preview for .NET Framework 3.5 and 4.8 for Windows 11

August 25, 2022-KB5016594 Cumulative Update Preview for .NET Framework 3.5 and 4.8 for Windows 11 Release Date: August 25, 2022 Version: .NET Framework 3.5 and 4.8 The August 25, 2022 update for Windows 11 includes cumulative reliability improvements in .NET Framework 3.5 and 4.8. We recommend th...

CVE-2022-2594

The Advanced Custom Fields WordPress plugin before 5.12.3, Advanced Custom Fields Pro WordPress plugin before 5.12.3 allows unauthenticated users to upload files allowed in a default WP configuration so PHP is not possible if there is a frontend form available. This vulnerability was introduced i...

Do You Know If Your Web Forms Are Secure?

By Owais Sultan Knowing if your forms are secure is a tricky one. Do you know if your front door is… This is a post from HackRead.com Read the original post: Do You Know If Your Web Forms Are Secure?...

WordPress plugin Formidable Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVE-2022-33201

Cross-Site Request Forgery CSRF vulnerability in MailerLite – Signup forms official plugin = 1.5.7 at WordPress allows an attacker to change the API key...

CVE-2022-33201

Cross-Site Request Forgery CSRF vulnerability in MailerLite – Signup forms official plugin = 1.5.7 at WordPress allows an attacker to change the API key...

CVE-2022-33201 WordPress MailerLite – Signup forms (official) plugin <= 1.5.7 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in MailerLite – Signup forms official plugin = 1.5.7 at WordPress allows an attacker to change the API key...

CVE-2022-33201

CVE-2022-33201 affects the WordPress MailerLite – Signup forms (official) plugin, version 1.5.7 and earlier. The root cause is a missing CSRF check when updating the API key, enabling an attacker to change the API key via CSRF as described in multiple sources. The vulnerability is reported to imp...

CVE-2022-33201 WordPress MailerLite – Signup forms (official) plugin <= 1.5.7 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in MailerLite – Signup forms official plugin = 1.5.7 at WordPress allows an attacker to change the API key...

WordPress plugin MailerLite – Signup forms (official) 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

CVE-2022-36968

In Progress WSFTP Server prior to version 8.7.3, forms within the administrative interface did not include a nonce to mitigate the risk of cross-site request forgery CSRF attacks...

CVE-2022-36968

In Progress WSFTP Server prior to version 8.7.3, forms within the administrative interface did not include a nonce to mitigate the risk of cross-site request forgery CSRF attacks...