8218 matches found
CVE-2021-27902
An issue was discovered in Craft CMS before 3.6.0. In some circumstances, a potential XSS vulnerability existed in connection with front-end forms that accepted user uploads...
Cross site scripting
An issue was discovered in Craft CMS before 3.6.0. In some circumstances, a potential XSS vulnerability existed in connection with front-end forms that accepted user uploads...
CVE-2021-27902
CVE-2021-27902 affects Craft CMS prior to 3.6.0. The connected documents describe a cross-site scripting (XSS) vulnerability in a front-end form that accepts user uploads. The root cause details and exploitation specifics are not provided in the documents. Scope is limited to Craft CMS versions be...
PT-2021-11275 · Tripplite · Tripplite Su2200Rtxl2Ua
Name of the Vulnerable Software and Affected Versions: TrippLite SU2200RTXL2Ua version 12.04.0055 Description: A stored cross-site scripting (XSS) issue was found in the /Forms/device vars 1 endpoint. This allows authenticated attackers to obtain other users' information by sending a crafted POST...
CVE-2021-32697
neos/forms is an open source framework to build web forms. By crafting a special GET request containing a valid form state, a form can be submitted without invoking any validators. Form state is secured with an HMAC that is still verified. That means that this issue can only be exploited if Form...
CVE-2021-32697
neos/forms is an open source framework to build web forms. By crafting a special GET request containing a valid form state, a form can be submitted without invoking any validators. Form state is secured with an HMAC that is still verified. That means that this issue can only be exploited if Form...
Design/Logic Flaw
neos/forms is an open source framework to build web forms. By crafting a special GET request containing a valid form state, a form can be submitted without invoking any validators. Form state is secured with an HMAC that is still verified. That means that this issue can only be exploited if Form...
CVE-2021-32697
The CVE-2021-32697 issue affects the Neos Form framework (neos/forms) where a crafted GET request with a valid form state can submit a form without triggering validators. The form state is protected by an HMAC that is still verified, so exploitation requires that Form Finishers may run actions ev...
CVE-2021-32697 Form validation can be skipped
neos/forms is an open source framework to build web forms. By crafting a special GET request containing a valid form state, a form can be submitted without invoking any validators. Form state is secured with an HMAC that is still verified. That means that this issue can only be exploited if Form...
Neos/forms input validation error vulnerability
Neos/forms is an open source framework for building web forms. A security vulnerability exists in Neos/forms where the program can submit a form without invoking any validator by creating a special "GET" request that contains valid form state...
WP Fluent Forms < 3.6.67 - Cross-Site Request Forgery (CSRF)
The WP Fluent Forms WordPress plugin was vulnerable to a Cross-Site Request Forgery (CSRF) vulnerability that could lead to Stored Cross-Site Scripting (XSS)...
PT-2021-14710 · Jenkins · Jenkins Scriptler Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Scriptler Plugin versions 3.2 and earlier Description: The issue results in a stored cross-site scripting (XSS) vulnerability. This is due to the plugin not escaping parameter names shown in job configuration forms. Attackers with...
browser-forms (>=0.0.1 <=0.0.2), express-stormpath (>=0.1.0 <=0.5.8) +4 more potentially affected by CVE-2021-23388 via forms (>=0.1.0 <=1.1.4)
forms NPM version =0.1.0, =0.0.1, =0.1.0, =0.0.1, =1.0.0, =0.3.1, =0.0.1, =0.1.1 Source cves: CVE-2021-23388 Source advisory: OSV:GHSA-C56F-GRV3-GPFR...
GHSA-C56F-GRV3-GPFR Regular expression denial of service in forms
The package forms before 1.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via email validation...
Regular expression denial of service in forms
The package forms before 1.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via email validation...
CVE-2021-23388
The package forms before 1.2.1, from 1.3.0 and before 1.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via email validation...
CVE-2021-23388
The package forms before 1.2.1, from 1.3.0 and before 1.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via email validation...
Input validation
The package forms before 1.2.1, from 1.3.0 and before 1.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via email validation...
Forms input validation error vulnerability
caolan forms is a simple open source program for creating, parsing and validating forms. An input validation error vulnerability exists in Forms that originates. An attacker could use this vulnerability to launch a Regular Expression Denial of Service (ReDoS) attack during email validation. The...
CVE-2021-23388
The CVE-2021-23388 entry concerns the caolan/forms library and its email validation regex. Affected versions are before 1.2.1 and 1.3.0 through 1.3.2, where an insecure regular expression can cause a Regular Expression Denial of Service (ReDoS), potentially consuming significant CPU and slowing o...