JqueryForm.com Jquery Form Builder Security Vulnerability
JqueryForm.com Jquery Form Builder is a form builder from JqueryForm.com, Inc. A security vulnerability exists in Jquery Form Builder that stems from a generated form that allows a remote, authenticated attacker to bypass authentication and access the administrative portion of other forms hosted ...
Smart Forms < 2.6.71 - Subscriber+ Form Data Download
The plugin does not have authorisation in its rednaosmartformsentrieslist AJAX action, allowing any authenticated user, such as a subscriber, to download an arbitrary form's data, which could include sensitive information such as PII depending on the form. PoC Execute the below command in the web...
Smart Forms < 2.6.71 - Subscriber+ Form Data Download
The plugin does not have authorisation in its rednaosmartformsentrieslist AJAX action, allowing any authenticated user, such as a subscriber, to download an arbitrary form's data, which could include sensitive information such as PII depending on the form. Execute the below command in the web develop...
Cross-site Scripting in Drupal Core
Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6...
CVE-2021-46362
A Server-Side Template Injection (SSTI) vulnerability in the Registration and Forgotten Password forms of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted payload entered into the fullname parameter...
UBUNTU-CVE-2020-13668
Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6...
Foxit PDF Reader and Foxit PDF Editor Buffer Error Vulnerability
Foxit PDF Reader and Foxit PDF Editor are both products of Foxit China, a PDF reader and a PDF editor. A security vulnerability exists in Foxit PDF Reader and Foxit PDF Editor due to a failure to effectively restrict memory boundaries when handling XFA. An attacker could exploit this vulnerabilit...
PT-2022-12670 · Magnolia · Magnolia
Name of the Vulnerable Software and Affected Versions: Magnolia versions prior to 6.2.3. Description: A Server-Side Template Injection (SSTI) issue in the Registration and Forgotten Password forms allows attackers to execute arbitrary code via a crafted payload entered into the fullname parameter...
Foxit PDF Reader XFA Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
AlmaLinux 8 : libreoffice (ALSA-2020:4628)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2020:4628 advisory. - LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the...
Denial Of Service (DoS)
Django is vulnerable to denial of service. An attacker is able to input malicious multipart forms, resulting in an infinite loop when parsing files, causing an application crash...
CVE-2022-23833
A flaw was found in Django. The issue occurs when passing certain inputs to multipart forms, resulting in an infinite loop when parsing files...
Django Code Issue Vulnerability
Django is the Django Foundation's open source web application framework based on the Python language. The framework includes an object-oriented mapper, view system, template system, etc. A code issue vulnerability exists in Django, which stems from an error in the product's MultiPartParse...
CVE-2022-23601: CSRF token missing in forms
More info at https://symfony.com/cve-2022-23601...
Cross-site Scripting in livehelperchat
Stored XSS attacks exist in the new form creation flow. New forms can be given a title which will render JavaScript...
Mageia: Security Advisory (MGASA-2016-0413)
The remote host is missing an update for the...
Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
Description Stored XSS is found in ModuleFormsList of formsNew. Use payload constructor.constructor'alert1' while creating form, and you will see that the input gets stored, and every time the user visits, the payload gets executed. Proof of Concept Impact Through this vulnerability, an attacker ...
WordPress Easy Forms for Mailchimp plugin cross-site scripting vulnerability
WordPress is a blogging platform developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in versions of the Easy Forms for Mailchimp plugin for...
WordPress Easy Forms for Mailchimp Plugin < 6.8.6 XSS Vulnerability
The WordPress plugin...