CVE-2021-40722
AEM Forms Cloud Service offering, as well as version 6.5.10.0 and below, are affected by an XML External Entity (XXE) injection vulnerability that could be abused by an attacker to achieve RCE...
XXE
AEM Forms Cloud Service offering, as well as version 6.5.10.0 and below, are affected by an XML External Entity (XXE) injection vulnerability that could be abused by an attacker to achieve RCE...
CVE-2021-40722 AEM Forms Improper Restriction of XML External Entity Reference
AEM Forms Cloud Service offering, as well as version 6.5.10.0 and below, are affected by an XML External Entity (XXE) injection vulnerability that could be abused by an attacker to achieve RCE...
CVE-2021-40722
Adobe Experience Manager (AEM) – CVE-2021-40722 affects AEM Forms Cloud Service and on-prem 6.5.10.0 and earlier via an XML External Entity (XXE) injection that can lead to RCE. The connected advisories list this CVE as part of APSB21-103 and note remediation by upgrading to 6.5.11.0 or applying ...
WordPress everest-forms plugin cross-site scripting vulnerability
WordPress is the WordPress Foundation's blogging platform, developed using the PHP language. The platform supports setting up personal blogging sites on servers with PHP and MySQL. The WordPress everest-forms plugin has a cross-site scripting vulnerability in versions prior to 1.8.0. The...
Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue < 3.1.25 - Reflected XSS
The plugin does not escape the sib-statistics-date parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue. PoC...
WordPress Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue plugin <= 3.1.24 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered in WordPress Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue plugin versions <= 3.1.24. Solution: Update the WordPress Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue plugin to the latest available...
CVE-2021-24907 Everest Forms < 1.8.0 - Reflected Cross-Site Scripting
The Contact Form, Drag and Drop Form Builder for WordPress plugin before 1.8.0 does not escape the status parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue...
WordPress plugin cross-site scripting vulnerability
WordPress is the WordPress Foundation's blogging platform, developed using the PHP language. The platform supports setting up personal blogging sites on servers with PHP and MySQL. The WordPress everest-forms plugin has a cross-site scripting vulnerability in versions prior to 1.8.0. The...
WordPress Easy Forms for Mailchimp plugin <= 6.8.5 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by JrXnm in WordPress Easy Forms for Mailchimp plugin versions <= 6.8.5. Solution: Update the WordPress Easy Forms for Mailchimp plugin to the latest available version (at least 6.8.6)...
WordPress NEX-Forms plugin cross-site scripting vulnerability
WordPress is the WordPress Foundation's blogging platform, developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. NEX-Forms plugin is a WordPress open source application plugin. WordPress NEX-Forms plugin has a cross-site scripting...
WordPress Caldera Forms Plugin Cross-Site Scripting Vulnerability (CNVD-2021-101996)
WordPress is the WordPress Foundation's blogging platform, developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. Caldera Forms Plugin is a WordPress open source application plugin. WordPress Caldera Forms Plugins prior to 1.9.5...
Adobe Experience Manager Input Validation Error Vulnerability
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. An inp...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2022-05443)
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Adobe Experience Manager Code Issue Vulnerability
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. Adobe...
Ransom DDoS Enters its Fourth Wave
Extortionists target industries with most to lose from an outage. Cybercriminals continue to target organizations, threatening Denial of Service (DDoS) attacks in exchange for a ransom payment, traditionally demanded in bitcoin (BTC). And it seems that no matter how many times these ransom threat cycle...
Information exposure in elgg
elgg is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor. Forms in the view namespace 'forms/admin' were not protected by an AdminGatekeeper in case of AJAX requests to 'ajax/form/admin/'...
CVE-2021-24896
The Caldera Forms WordPress plugin before 1.9.5 does not sanitise and escape the Form Name before outputting it in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...