8217 matches found
Adobe: AEM forms XXE Vulnerability
AEM Forms Cloud Service offering, as well as versions 6.5.10.0 and below, are affected by an XML External Entity (XXE) injection vulnerability that could be abused by an attacker to achieve RCE. CVE: CVE-2021-40722 Ref: https://helpx.adobe.com/security/products/experience-manager/apsb21-103.html We...
CVE-2021-37334
Umbraco Forms versions 4.0.0 up to and including 8.7.5 and below are vulnerable to a security flaw that could lead to a remote code execution attack and/or arbitrary file deletion. The vulnerability occurs because validation of the file extension is performed after the file has been stored in a...
Arbitrary file deletion
Umbraco Forms versions 4.0.0 up to and including 8.7.5 and below are vulnerable to a security flaw that could lead to a remote code execution attack and/or arbitrary file deletion. The vulnerability occurs because validation of the file extension is performed after the file has been stored in a...
CVE-2021-37334
Umbraco Forms versions 4.0.0 through 8.7.5 (and older) are vulnerable to remote code execution and arbitrary file deletion due to file-extension validation occurring after files are stored in a temporary directory (%BASEDIR%/APP_DATA/TEMP/FileUploads/). The web.config protections restricting this...
Cross-site Request Forgery (CSRF)
joplin is vulnerable to cross-site request forgery. Lack of CSRF checks in various forms allows an authenticated user to unknowingly perform an unwanted action on a malicious website...
Umbraco Forms Security Vulnerability
Umbraco Forms is a form builder. A security vulnerability exists in Umbraco Forms versions 4.0.0 through 8.7.5, which can be exploited by an attacker to execute remote code and delete arbitrary files...
CVE-2021-23431
The package joplin before 2.3.2 is vulnerable to Cross-site Request Forgery (CSRF) due to missing CSRF checks in various forms...
CVE-2021-24524
The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.12.0 did not escape the Donation Level setting of its Donation Forms, allowing high privilege users to use Cross-Site Scripting payloads in them...
CVE-2021-24524
The CVE-2021-24524 vulnerability affects the WordPress GiveWP plugin prior to version 2.12.0. The issue is an authenticated stored XSS in the Donation Level setting of Donation Forms, caused by insufficient escaping, enabling a high-privilege user to inject payloads. Impact is described as cross-...
CVE-2021-24524 GiveWP < 2.12.0 - Authenticated Stored XSS
The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.12.0 did not escape the Donation Level setting of its Donation Forms, allowing high privilege users to use Cross-Site Scripting payloads in them...
Foxit Reader and Foxit PhantomPDF Denial of Service Vulnerability
Foxit Reader and Foxit PhantomPDF are both PDF document readers from Foxit, a Chinese company. Foxit Reader and PhantomPDF versions prior to 10.1.4 contain a security vulnerability that could be exploited by an attacker to consume the stack via recursive function calls during the processing of XFA for...
CVE-2021-38569
An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows stack consumption via recursive function calls during the handling of XFA forms or link objects...
Design/Logic Flaw
An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows stack consumption via recursive function calls during the handling of XFA forms or link objects...
CVE-2020-25562
In SapphireIMS 5.0, there is no CSRF token present in the entire application. This can lead to CSRF vulnerabilities in critical application forms like account resent...
CVE-2021-38569
Foxit Reader and Foxit PhantomPDF are affected by a vulnerability fixed in 10.1.4 or later. The issue allows stack consumption via recursive function calls during handling of XFA forms or linked objects, which could lead to a denial of service. Affected products are Foxit Reader and Foxit Phantom...
Foxit Reader and Foxit PhantomPDF Security Vulnerability
Foxit Reader and Foxit PhantomPDF are both PDF document readers from Foxit, a Chinese company. Foxit Reader and PhantomPDF versions prior to 10.1.4 contain a security vulnerability that could be exploited by an attacker to consume the stack via recursive function calls during the processing of XFA for...