Cross site scripting

A stored Cross-Site Scripting XSS vulnerability in the survey feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via a textarea field. This code is interpreted by users in a privileged role Administrator, Editor, etc...

CVE-2020-27851

CVE-2020-27851 concerns a vulnerability in a paid add-on for Gravity Forms (before 2.4.21) where stored HTML injection can be triggered through poll or quiz answers. The issue allows remote attackers to inject arbitrary HTML code, which would be interpreted by users with privileged roles (Adminis...

CVE-2020-27851

Multiple stored HTML injection vulnerabilities in the "poll" and "quiz" features in an additional paid add-on of Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary HTML code via poll or quiz answers. This code is interpreted by users in a privileged role...

CVE-2020-27852

The CVE-2020-27852 entry concerns Gravity Forms, a WordPress plugin, with a stored XSS in the survey feature exploitable via a textarea field before version 2.4.21. Affected: Gravity Forms (plugin) prior to 2.4.21. Root cause: unescaped/incorrect handling of textarea input in the survey feature t...

CVE-2020-27850

Gravity Forms (Rocketgenius) stored XSS via the forms import feature, affecting versions prior to 2.4.21. The vulnerability allows an attacker to inject arbitrary script/HTML that is then interpreted by users with privileged roles (Administrator, Editor, etc.). Root cause is improper handling of ...

CVE-2020-27850

A stored Cross-Site Scripting XSS vulnerability in forms import feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via the import of a GF form. This code is interpreted by users in a privileged role Administrator, Editor, etc...

GHSA-QJHR-C23F-W76Q Inline JS XSS vulnerability in Mautic

Impact Mautic version 2.1.0 - 2.11.0 is vulnerable to an inline JS XSS attack when using Mautic forms on a Mautic landing page using GET parameters to pre-populate the form. Patches Upgrade to 2.12.0 or later. Workarounds None References https://github.com/mautic/mautic/releases/tag/2.12.0 For mo...

Rocketgenius Gravity Forms Cross-Site Scripting Vulnerability

Rocketgenius Gravity Forms is a software solution from the Rocketgenius team. A cross-site scripting vulnerability in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary HTML code via poll or quiz answers...

Rocketgenius Gravity Forms Cross-Site Scripting Vulnerability

Rocketgenius Gravity Forms is a software solution from the Rocketgenius team. A cross-site scripting vulnerability in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via the textarea field...

Rocketgenius Gravity Forms Cross-Site Scripting Vulnerability

A cross-site scripting vulnerability in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via imported GF forms...

WordPress Ultimate Member Plugin <= 2.1.12 Deprecated UM Forms Field Vulnerability

The WordPress plugin Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

rails_admin ruby gem XSS vulnerability

RailsAdmin aka railsadmin before 1.4.3 and 2.x before 2.0.2 allows XSS via nested forms...

GHSA-WJX2-7HQQ-8H7M rails_admin ruby gem XSS vulnerability

RailsAdmin aka railsadmin before 1.4.3 and 2.x before 2.0.2 allows XSS via nested forms...

CVE-2021-3138

In Discourse 2.7.0 through beta1, a rate-limit bypass leads to a bypass of the 2FA requirement for certain forms...

Umbrella_android - Digital And Physical Security Advice App

Umbrella is an Android mobile app developed by Security First that provides human rights defenders with the information on what to do in any given security situation and the tools to do it. It allows the user to choose what they want to do, such as: protect data; securely make a call/email;...

Critical WordPress-Plugin Bug Found in 'Orbit Fox' Allows Site Takeover

Two vulnerabilities one critical in a WordPress plugin called Orbit Fox could allow attackers to inject malicious code into vulnerable websites and/or take control of a website. Orbit Fox is a multi-featured WordPress plugin that works with the Elementor, Beaver Builder and Gutenberg site-buildin...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via nested forms. Details Cross-site scripting or XSS is a code vulnerability that occurs when an attacker “injects” a malicious script into an otherwise trusted website. The injected script gets downloaded and...

Cross-Site Scripting (XSS)

railsadmin is vulnerable to cross-site scripting XSS. A remote attacker is able to inject and execute arbitrary Javascript in a user's browser via nested forms...

CVE-2020-36190

RailsAdmin aka railsadmin before 1.4.3 and 2.x before 2.0.2 allows XSS via nested forms...

Design/Logic Flaw

RailsAdmin aka railsadmin before 1.4.3 and 2.x before 2.0.2 allows XSS via nested forms...