8221 matches found
Contao Insert tag injection in forms
Impact: It is possible to inject insert tags in front end forms which will be replaced when the page is rendered. Patches: Update to Contao 4.4.52, 4.9.6 or 4.10.1. Workarounds: Disable the front end login form and do not use form fields with array keys such as fieldname. References...
Insert tag injection in forms
Date: 2020-09-24. CVE ID: CVE-2020-25768. Description: It is possible to inject insert tags in front end forms which will be replaced when the page is rendered. Affected versions: Contao 4.0, Contao 4.1, Contao 4.2, Contao 4.3, Contao 4.4 up to 4.4.51, Contao 4.5, Contao 4.6, Contao 4.7, Contao 4.8, Contao...
Ninja Forms < 3.4.27.1 - Validation Bypass via Email Field
The plugin did not correctly validate the email address field...
Ninja Forms < 3.4.27.1 - CSRF leading to Arbitrary Plugin Installation
The plugin is affected by a Cross-Site Request Forgery (CSRF) vulnerability which could allow attackers to make a logged-in administrator install an arbitrary plugin from the WordPress repository. PoC: http://example.com/wp-admin/admin-ajax.php?action=nfservicesinstall&plugin=wpscan&installpath=wpscan/wpscan.php...
Ninja Forms < 3.4.27.1 - CSRF leading to Arbitrary Plugin Installation
The plugin is affected by a Cross-Site Request Forgery (CSRF) vulnerability which could allow attackers to make a logged-in administrator install an arbitrary plugin from the WordPress repository. http://example.com/wp-admin/admin-ajax.php?action=nfservicesinstall&plugin=wpscan&installpath=wpscan/wpscan.php...
Ninja Forms < 3.4.28 - Stored Cross-Site Scripting
The plugin did not escape HTML content of fields in the submissions table, which could lead to Cross-Site Scripting issues...
DRUPAL-CORE-2020-009
Drupal 8 and 9 have a reflected cross-site scripting (XSS) vulnerability under certain circumstances. An attacker could leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability...
Drupal core - Critical - Cross-site scripting - SA-CORE-2020-009
Drupal 8 and 9 have a reflected cross-site scripting (XSS) vulnerability under certain circumstances. An attacker could leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability...
SAP NetWeaver Application Server Java Cross-Site Scripting Vulnerability
SAP NetWeaver Application Server is an application server from SAP, Germany. A cross-site scripting vulnerability exists in SAP NetWeaver Application Server Java XML Forms versions 7.30, 7.31, 7.40, 7.50, which arises from a lack of proper validation of client-side data in the web application. An...
Malicious Package in motiv.scss
Version 0.4.20 of motiv.scss contained malicious code. The code, when executed in the browser, would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation: Remove the package from your environment and evaluate yo...
GHSA-5W4R-WWC3-6QCP Malicious Package in precode.js
Version 1.1.1 of precode.js contained malicious code. The code, when executed in the browser, would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation: Remove the package from your environment and evaluate you...
GHSA-2XW5-3767-QXVM Malicious Package in ng-ui-library
Version 1.0.987 of ng-ui-library contained malicious code. The code, when executed in the browser, would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation: Remove the package from your environment and evaluat...
Malicious Package in geoheat
Version 1.3.2 of geoheat contained malicious code. The code, when executed in the browser, would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation: Remove the package from your environment and evaluate your...
CVE-2020-9741
The AEM forms add-on for versions 6.5.5.0 and below and 6.4.8.2 and below is affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Forms component. These scripts may be executed in a victim’s browser when they op...
CVE-2020-9734
The AEM Forms add-on for versions 6.5.5.0 and below and 6.4.8.1 and below is affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Forms component. These scripts may be executed in a victim’s browser when they op...
CVE-2020-9732
The AEM Forms add-on for versions 6.5.5.0 and below and 6.4.8.2 and below is affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Sites component. These scripts may be executed in a victim’s browser when they...
Cross site scripting
The AEM Forms add-on for versions 6.5.5.0 and below and 6.4.8.2 and below is affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Sites component. These scripts may be executed in a victim’s browser when they...