8217 matches found
CVE-2021-37531
SAP NetWeaver Knowledge Management XML Forms, versions 7.10, 7.11, 7.30, 7.31, 7.40 and 7.50, contains an XSLT vulnerability which allows a non-administrative authenticated attacker to craft a malicious XSL stylesheet file containing a script with OS-level commands, copy it into a location to be...
Avada < 7.4.2 - Stored Cross-Site Scripting
Description: The Avada Forms component allowed unescaped HTML form entries to be loaded on the backend...
CVE-2021-38335
The Wise Agent Capture Forms WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the /WiseAgentCaptureForm.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0...
Cross site scripting
The Wise Agent Capture Forms WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the /WiseAgentCaptureForm.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0...
CVE-2021-38335
The CVE-2021-38335 entry relates to the WordPress plugin Wise Agent Capture Forms (
CVE-2021-38335 Wise Agent Capture Forms <= 1.0 Reflected Cross-Site Scripting
The Wise Agent Capture Forms WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the /WiseAgentCaptureForm.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0...
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the WordPress plugin Wise Agent Capture Forms, which stems from the vulnerability of version 1.0 of the Wise Agent Capture Forms WordPress plugin to reflected cross-site scripting...
WordPress Wise Agent Lead Capture Forms plugin <= 1.0 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by p7e4 in WordPress Wise Agent Lead Capture Forms plugin versions <= 1.0. Solution: This plugin has been closed as of September 7, 2021 and is not available for download. This closure is temporary, pending a full review...
Wise Agent Capture Forms <= 1.0 - Reflected Cross-Site Scripting
The plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the /WiseAgentCaptureForm.php file which allows attackers to inject arbitrary web scripts...
CVE-2021-24513
The Form Builder | Create Responsive Contact Forms WordPress plugin before 1.9.8.4 does not sanitise or escape its Form Title, allowing high privilege users such as admin to set Cross-Site Scripting payload in them, even when the unfiltered_html capability is disallowed...
CVE-2021-24513
Affected software: WordPress Form Builder plugin (pre-1.9.8.4). Vulnerability: Authenticated stored XSS via unsanitized/unescaped Form Title. Root cause: Form Title not sanitized/escaped, enabling injection by privileged users (e.g., admin). Impact: Client-side script execution in admin context; aff...
Cross-site Request Forgery (CSRF) in joplin
The package joplin before 2.3.2 is vulnerable to Cross-site Request Forgery (CSRF) due to missing CSRF checks in various forms...
WordPress GetPaid payments plugin 2.4.6 - HTML Injection Vulnerability
Exploit Title: WordPress Plugin Payments Plugin | GetPaid 2.4.6 - HTML Injection Exploit Author: Niraj Mahajan Software Link: https://wordpress.org/plugins/invoicing/ Version: 2.4.6 Tested on Windows Steps to Reproduce: 1. Install Wordpress 5.8 2. Install and Activate "WordPress Payments Plugin |...
WordPress GetPaid 2.4.6 HTML Injection
Exploit Title: WordPress Plugin Payments Plugin | GetPaid 2.4.6 - HTML Injection Date: 29/08/2021 Exploit Author: Niraj Mahajan Software Link: https://wordpress.org/plugins/invoicing/ Version: 2.4.6 Tested on Windows Steps to Reproduce: 1. Install Wordpress 5.8 2. Install and Activate "WordPress...
WordPress Plugin Payments Plugin | GetPaid 2.4.6 - HTML Injection
Exploit Title: WordPress Plugin Payments Plugin | GetPaid 2.4.6 - HTML Injection Date: 29/08/2021 Exploit Author: Niraj Mahajan Software Link: https://wordpress.org/plugins/invoicing/ Version: 2.4.6 Tested on Windows Steps to Reproduce: 1. Install Wordpress 5.8 2. Install and Activate "WordPress...
Form Tools Cross-Site Scripting Vulnerability
A cross-site scripting vulnerability exists in Form Tools 3.0.20 and earlier. An attacker could use the submissionid parameter to trigger a stored cross-site scripting attack when viewing a form...
Design/Logic Flaw
Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack through the contact's first or last name and triggered when viewing a contact's details page then clicking on the action drop down and hovering over the Campaigns button. Contact first and last name can be populated from...
DRK Odenwaldkreis Testerfassung Cross-Site Scripting Vulnerability
DRK Odenwaldkreis Testerfassung is an open source solution for obtaining and recording rapid test results for corona antigens. A cross-site scripting vulnerability exists in DRK Odenwaldkreis Testerfassung March-2021, which can be exploited by attackers to inject arbitrary web script or HTML via a...
Cross-site Scripting (XSS) - Generic in forkcms/library
Description: XSS is possible when the option allowHTML was set to true for text inputs and textfields. Proof of Concept: http://demo.fork-cms.com/en/search?form=search&qwidget=%22%3E%3Csvg/onload=alertdocument.domain%3E Impact: XSS attacks can...