Foxit Reader and Foxit PhantomPDF Security Vulnerability
Foxit Reader and Foxit PhantomPDF are both PDF document readers from Foxit, a Chinese company. Foxit Reader and PhantomPDF versions prior to 10.1.4 contain a security vulnerability that could be exploited by an attacker to invoke the stack via a recursive function during the processing of XFA for...
Tecknodreams SapphireIMS Cross-Site Request Forgery Vulnerability
Tecknodreams SapphireIMS is an ITIL 2011 certified Enterprise Service Management System from Tecknodreams India. Sapphire IMS 5.0 has a cross-site request forgery vulnerability that stems from the absence of CSRF tokens throughout the application. This could lead to a CSRF...
Cross-Site Request Forgery (CSRF)
A cross-site request forgery (CSRF) vulnerability in the My SMTP Contact v1.1.1 plugin for GetSimple CMS allows remote attackers to change the SMTP settings of the contact forms for the webpages of the CMS after an authenticated admin visits a malicious third-party site...
CVE-2021-24505
The Forms WordPress plugin before 1.12.3 did not sanitise its input fields, leading to Stored Cross-Site Scripting issues. The plugin was vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) vulnerability within the Forms "Add new" field...
CVE-2021-24505
The CVE-2021-24505 entry corresponds to a Stored XSS in the WordPress Forms plugin prior to v1.12.3, caused by the plugin failing to sanitise input in the Add New field. The vulnerability is authenticated (requires user login) and stored, with an attacker potentially injecting script that could e...
WordPress Cross-Site Scripting Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports personal blog sites on servers running PHP and MySQL. A security vulnerability exists in the WordPress plugin Forms before 1.12.3, which stems from the form's "Ad...
Liferay Portal and Liferay DXP Security Vulnerability
Liferay Portal and Liferay DXP are both products of Liferay Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB and JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...
Joplin Cross-Site Scripting Vulnerability
Joplin is an open source notes and to-do list application. Joplin suffers from a security vulnerability that allows XSS via buttons and forms in the note body...
An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safe_attrs_only and forms arguments the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run arbitrary JS code on users who interact with incorrectly sanitized HTML. This issue is patched in lxml 4.6.3.
...
GiveWP < 2.12.0 - Authenticated Stored XSS
The plugin did not escape the Donation Level setting of its Donation Forms, allowing high privilege users to use Cross-Site Scripting payloads in them. PoC: Put the following payload in any Donation Level Text field of a Donation Form ie...
Form mode manager - Moderately critical - Access bypass - SA-CONTRIB-2021-023
This module provides a user interface that allows the implementation and use of Form modes without custom development. The module does not sufficiently respect access restrictions to entity forms for routes it creates to use specific form modes. This vulnerability is mitigated by the fact that an...
NEX Forms < 7.8.8 - Authentication Bypass for Excel Reports
The plugin was vulnerable to Authentication Bypass for Excel Reports allowing unauthenticated attackers to download Excel reports. http://www.example.com/wp-admin/admin.php?page=nex-forms-dashboard&exportcsv=true...
NEX Forms < 7.8.8 - Authentication Bypass for Excel Reports
The plugin was vulnerable to Authentication Bypass for Excel Reports allowing unauthenticated attackers to download Excel reports. PoC: http://www.example.com/wp-admin/admin.php?page=nex-forms-dashboard&exportcsv=true...
WordPress Basix NEX-Forms Plugin Authentication Bypass Vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. WordPress plugin Basix NEX-Forms in version 7.8.7 and earlier has an authentication bypass vulnerabilit...
NEX Forms < 7.8.8 - Authentication Bypass for PDF Reports
The plugin was vulnerable to Authentication Bypass for PDF Reports allowing unauthenticated attackers to download PDF reports. PoC: http://www.example.com/wp-content/uploads/submissionreport.pdf...
NEX Forms < 7.8.8 - Authentication Bypass for PDF Reports
The plugin was vulnerable to Authentication Bypass for PDF Reports allowing unauthenticated attackers to download PDF reports. http://www.example.com/wp-content/uploads/submissionreport.pdf...
CVE-2021-34675
Basix NEX-Forms through 7.8.7 allows authentication bypass for stored PDF reports...
CVE-2021-34676
Basix NEX-Forms through 7.8.7 allows authentication bypass for Excel report generation...