8220 matches found
CVE-2020-36190
RailsAdmin aka railsadmin before 1.4.3 and 2.x before 2.0.2 allows XSS via nested forms...
CVE-2020-36190
The CVE-2020-36190 case affects the RailsAdmin (rails_admin) gem prior to 1.4.3 and 2.x prior to 2.0.2, exposing a cross-site scripting (XSS) vulnerability via nested forms. Root cause is unvalidated input in nested form handling, enabling injected scripts to be rendered in the browser. The impac...
CVE-2020-36174
The Ninja Forms plugin before 3.4.27.1 for WordPress allows CSRF via services integration...
CVE-2020-36175
The Ninja Forms plugin before 3.4.27.1 for WordPress allows attackers to bypass validation via the email field...
CVE-2020-36173
The Ninja Forms plugin before 3.4.28 for WordPress lacks escaping for submissions-table fields...
Cross-site request forgery (CSRF)
The Ninja Forms plugin before 3.4.27.1 for WordPress allows CSRF via services integration...
Input validation
The Ninja Forms plugin before 3.4.27.1 for WordPress allows attackers to bypass validation via the email field...
Code injection
The Ninja Forms plugin before 3.4.28 for WordPress lacks escaping for submissions-table fields...
CVE-2020-36173
The CVE-2020-36173 entry concerns the WordPress Ninja Forms plugin before version 3.4.28. Connected sources confirm a vulnerability in the submissions-table fields due to missing escaping, allowing potential Cross‑Site Scripting (XSS). The core issue is improper escaping of HTML content in submis...
CVE-2020-36175
The CVE-2020-36175 entry concerns the WordPress Ninja Forms plugin prior to version 3.4.27.1. Connected documents confirm a vulnerability where the email field can bypass validation, enabling input that should be rejected by the form’s validation logic. The affected component is the Ninja Forms W...
CVE-2020-36174
CVE-2020-36174 affects the WordPress Ninja Forms plugin prior to version 3.4.27.1. The vulnerability is CSRF through the plugin’s services integration, enabling an attacker to trigger actions on behalf of an authenticated user. Public sources in the connected set corroborate that this issue is ro...