
8227 matches found

OSV
added 2022/01/13 9:15 p.m. | 5 views

CVE-2021-40722

AEM Forms Cloud Service offering, as well as version 6.5.10.0 and below are affected by an XML External Entity (XXE) injection vulnerability that could be abused by an attacker to achieve RCE...

9.8 CVSS | 6 AI score | 0.03273 EPSS
Exploits: 0 | References: 1
NVD
added 2022/01/13 9:15 p.m. | 20 views

CVE-2021-40722

AEM Forms Cloud Service offering, as well as version 6.5.10.0 and below are affected by an XML External Entity (XXE) injection vulnerability that could be abused by an attacker to achieve RCE...

9.8 CVSS | 0.03273 EPSS
Exploits: 0 | References: 1
Prion
added 2022/01/13 9:15 p.m. | 28 views

Xxe

AEM Forms Cloud Service offering, as well as version 6.5.10.0 and below are affected by an XML External Entity (XXE) injection vulnerability that could be abused by an attacker to achieve RCE...

7.5 CVSS | 9.4 AI score | 0.03273 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2022/01/13 8:27 p.m. | 31 views

CVE-2021-40722 AEM Forms Improper Restriction of XML External Entity Reference

AEM Forms Cloud Service offering, as well as version 6.5.10.0 and below are affected by an XML External Entity (XXE) injection vulnerability that could be abused by an attacker to achieve RCE...

9.8 CVSS | 9.7 AI score | 0.03273 EPSS
Exploits: 0 | References: 1
CVE
added 2022/01/13 8:27 p.m. | 83 views

CVE-2021-40722

Adobe Experience Manager (AEM) – CVE-2021-40722 affects AEM Forms Cloud Service and on-prem 6.5.10.0 and earlier via an XML External Entity (XXE) injection that can lead to RCE. The connected advisories list this CVE as part of APSB21-103 and note remediation by upgrading to 6.5.11.0 or applying ...

9.8 CVSS | 9.5 AI score | 0.03273 EPSS
Exploits: 0 | References: 1 | Affected Software: 2
CNVD
added 2021/12/26 12:0 a.m. | 19 views

WordPress everest-forms plugin cross-site scripting vulnerability

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blogging sites on servers with PHP and MySQL. The WordPress everest-forms plugin has a cross-site scripting vulnerability in versions prior to 1.8.0. The...

6.1 CVSS | 1.9 AI score | 0.00907 EPSS
Exploits: 2 | References: 1
WPVulnDB
added 2021/12/23 12:0 a.m. | 22 views

Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue < 3.1.25 - Reflected XSS

The plugin does not escape the sib-statistics-date parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue PoC...

6.1 CVSS | 1.3 AI score | 0.0081 EPSS
Exploits: 2 | Affected Software: 1
Patchstack
added 2021/12/22 12:0 a.m. | 20 views

WordPress Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue plugin <= 3.1.24 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered in WordPress Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue plugin versions <= 3.1.24. Solution: Update the WordPress Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue plugin to the latest available...

1.9 AI score
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2021/12/21 8:45 a.m. | 19 views

CVE-2021-24907 Everest Forms < 1.8.0 - Reflected Cross-Site Scripting

The Contact Form, Drag and Drop Form Builder for WordPress plugin before 1.8.0 does not escape the status parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue...

6.3 AI score | 0.00907 EPSS
Exploits: 2 | References: 1
CNNVD
added 2021/12/21 12:0 a.m. | 6 views

WordPress plugin cross-site scripting vulnerability

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blogging sites on servers with PHP and MySQL. The WordPress everest-forms plugin has a cross-site scripting vulnerability in versions prior to 1.8.0. The...

6.1 CVSS | 5.2 AI score | 0.00907 EPSS
Exploits: 2 | References: 1
Patchstack
added 2021/12/21 12:0 a.m. | 23 views

WordPress Easy Forms for Mailchimp plugin <= 6.8.5 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by JrXnm in WordPress Easy Forms for Mailchimp plugin versions <= 6.8.5. Solution: Update the WordPress Easy Forms for Mailchimp plugin to the latest available version, at least 6.8.6...

6.1 CVSS | 1.7 AI score | 0.01109 EPSS
Exploits: 2 | References: 3 | Affected Software: 1
CNVD
added 2021/12/18 12:0 a.m. | 28 views

WordPress NEX-Forms plugin cross-site scripting vulnerability

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. NEX-Forms plugin is a WordPress open source application plugin. WordPress NEX-Forms plugin has a cross-site scripting...

4.8 CVSS | 1 AI score | 0.00305 EPSS
Exploits: 2 | References: 1
CNVD
added 2021/12/18 12:0 a.m. | 30 views

WordPress Caldera Forms Plugin Cross-Site Scripting Vulnerability (CNVD-2021-101996)

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. Caldera Forms Plugin is a WordPress open source application plugin. WordPress Caldera Forms Plugins prior to 1.9.5...

4.8 CVSS | 1.2 AI score | 0.00598 EPSS
Exploits: 2 | References: 1
CNVD
added 2021/12/17 12:0 a.m. | 28 views

Adobe Experience Manager Input Validation Error Vulnerability

Adobe Experience Manager (AEM) is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. An inp...

6.5 CVSS | 7.7 AI score | 0.01631 EPSS
Exploits: 0 | References: 1
CNVD
added 2021/12/17 12:0 a.m. | 22 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2022-05443)

Adobe Experience Manager (AEM) is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

8 CVSS | 6.4 AI score | 0.01071 EPSS
Exploits: 0 | References: 1
CNVD
added 2021/12/17 12:0 a.m. | 29 views

Adobe Experience Manager Code Issue Vulnerability

Adobe Experience Manager (AEM) is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. Adobe...

9.8 CVSS | 9.6 AI score | 0.03273 EPSS
Exploits: 0 | References: 1
Imperva Blog
added 2021/12/16 7:8 p.m. | 19 views

Ransom DDoS Enters its Fourth Wave

Extortionists target industries with most to lose from an outage. Cybercriminals continue to target organizations threatening Denial of Service (DDoS) attacks in exchange for a ransom payment, traditionally demanded in bitcoin (BTC). And it seems that no matter how many times these ransom threat cycle...

0.3 AI score
Exploits: 0
Github Security Blog
added 2021/12/16 3:30 p.m. | 26 views

Information exposure in elgg

elgg is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor. Forms in the view namespace 'forms/admin' were not protected by an AdminGatekeeper in case of AJAX requests to 'ajax/form/admin/'...

7.5 CVSS | 4.2 AI score | 0.01547 EPSS
Exploits: 1 | References: 5 | Affected Software: 1
OSV
added 2021/12/13 11:15 a.m. | 3 views

CVE-2021-24896

The Caldera Forms WordPress plugin before 1.9.5 does not sanitise and escape the Form Name before outputting it in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

4.8 CVSS | 5.8 AI score | 0.00598 EPSS
Exploits: 2 | References: 1
NVD
added 2021/12/13 11:15 a.m. | 11 views

CVE-2021-24896

The Caldera Forms WordPress plugin before 1.9.5 does not sanitise and escape the Form Name before outputting it in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

4.8 CVSS | 0.00598 EPSS
Exploits: 2 | References: 1