8221 matches found

Source: Github Security Blog
Added 2020/09/24 4:23 p.m. (46 views)

Contao Insert tag injection in forms

Impact: It is possible to inject insert tags in front end forms which will be replaced when the page is rendered. Patches: Update to Contao 4.4.52, 4.9.6 or 4.10.1. Workarounds: Disable the front end login form and do not use form fields with array keys such as fieldname. References...

CVSS 5.3 | AI score 5.1 | EPSS 0.00809
Exploits: 0 | References: 7 | Affected software: 2
Source: Contao
Added 2020/09/24 12:00 a.m. (69 views)

Insert tag injection in forms

Date: 2020-09-24. CVE ID: CVE-2020-25768. Description: It is possible to inject insert tags in front end forms which will be replaced when the page is rendered. Affected versions: Contao 4.0, Contao 4.1, Contao 4.2, Contao 4.3, Contao 4.4 up to 4.4.51, Contao 4.5, Contao 4.6, Contao 4.7, Contao 4.8, Contao...

CVSS 5.3 | AI score 5 | EPSS 0.00809
Exploits: 0 | Affected software: 1
Source: WPVulnDB
Added 2020/09/22 12:00 a.m. (24 views)

Ninja Forms < 3.4.27.1 - Validation Bypass via Email Field

The plugin did not correctly validate the email address field...

CVSS 5 | AI score 3.2 | EPSS 0.01183
Exploits: 0 | References: 1 | Affected software: 1
Source: WPVulnDB
Added 2020/09/22 12:00 a.m. (22 views)

Ninja Forms < 3.4.27.1 - CSRF leading to Arbitrary Plugin Installation

The plugin is affected by a Cross-Site Request Forgery (CSRF) which could allow attackers to make a logged-in administrator install an arbitrary plugin from the WordPress repository. PoC: http://example.com/wp-admin/admin-ajax.php?action=nfservicesinstall=wpscanpath=wpscan/wpscan.php...

CVSS 4.3 | AI score 3.4 | EPSS 0.00593
Exploits: 1 | References: 1 | Affected software: 1
Source: wpexploit
Added 2020/09/22 12:00 a.m. (50 views)

Ninja Forms < 3.4.27.1 - CSRF leading to Arbitrary Plugin Installation

The plugin is affected by a Cross-Site Request Forgery (CSRF) which could allow attackers to make a logged-in administrator install an arbitrary plugin from the WordPress repository. http://example.com/wp-admin/admin-ajax.php?action=nfservicesinstall&plugin=wpscan&installpath=wpscan/wpscan.php...

CVSS 4.3 | AI score 4.3 | EPSS 0.00593
Exploits: 1 | References: 1
Source: WPVulnDB
Added 2020/09/20 12:00 a.m. (25 views)

Ninja Forms < 3.4.28 - Stored Cross-Site Scripting

The plugin did not escape HTML content of fields in the submissions table, which could lead to Cross-Site Scripting issues...

CVSS 5 | AI score 0.5 | EPSS 0.01117
Exploits: 0 | References: 1 | Affected software: 1
Source: OSV
Added 2020/09/16 4:11 p.m. (3 views)

DRUPAL-CORE-2020-009

Drupal 8 and 9 have a reflected cross-site scripting (XSS) vulnerability under certain circumstances. An attacker could leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability...

CVSS 6.1 | AI score 5.6 | EPSS 0.00662
Exploits: 0 | References: 1
Source: Drupal
Added 2020/09/16 12:00 a.m. (90 views)

Drupal core - Critical - Cross-site scripting - SA-CORE-2020-009

Drupal 8 and 9 have a reflected cross-site scripting (XSS) vulnerability under certain circumstances. An attacker could leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability...

CVSS 6.1 | AI score 0.7 | EPSS 0.00662
Exploits: 0 | References: 15
Source: CNVD
Added 2020/09/14 12:00 a.m. (4 views)

SAP NetWeaver Application Server Java Cross-Site Scripting Vulnerability

SAP NetWeaver Application Server is an application server from SAP, Germany. A cross-site scripting vulnerability exists in SAP NetWeaver Application Server Java XML Forms versions 7.30, 7.31, 7.40, 7.50, which arises from a lack of proper validation of client-side data in the web application. An...

CVSS 6.5 | AI score 6.2 | EPSS 0.00721
Exploits: 0 | References: 1
Source: Github Security Blog
Added 2020/09/11 9:24 p.m. (30 views)

Malicious Package in motiv.scss

Version 0.4.20 of motiv.scss contained malicious code. The code, when executed in the browser, would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation: Remove the package from your environment and evaluate yo...

AI score 4.3
Exploits: 0 | References: 2 | Affected software: 1
Source: OSV
Added 2020/09/11 9:23 p.m. (16 views)

GHSA-5W4R-WWC3-6QCP Malicious Package in precode.js

Version 1.1.1 of precode.js contained malicious code. The code, when executed in the browser, would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation: Remove the package from your environment and evaluate you...

AI score 7.2
Exploits: 0 | References: 1
Source: OSV
Added 2020/09/11 9:21 p.m. (14 views)

GHSA-2XW5-3767-QXVM Malicious Package in ng-ui-library

Version 1.0.987 of ng-ui-library contained malicious code. The code, when executed in the browser, would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation: Remove the package from your environment and evaluat...

CVSS 9.8 | AI score 7.2
Exploits: 0 | References: 1
Source: Github Security Blog
Added 2020/09/11 9:14 p.m. (33 views)

Malicious Package in geoheat

Version 1.3.2 of geoheat contained malicious code. The code, when executed in the browser, would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation: Remove the package from your environment and evaluate your...

AI score 7
Exploits: 0 | References: 2 | Affected software: 1
Source: OSV
Added 2020/09/10 5:15 p.m. (3 views)

CVE-2020-9741

The AEM forms add-on for versions 6.5.5.0 and below and 6.4.8.2 and below is affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Forms component. These scripts may be executed in a victim's browser when they op...

CVSS 5.4 | AI score 6 | EPSS 0.01884
Exploits: 0 | References: 1
Source: NVD
Added 2020/09/10 5:15 p.m. (23 views)

CVE-2020-9741

The AEM forms add-on for versions 6.5.5.0 and below and 6.4.8.2 and below is affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Forms component. These scripts may be executed in a victim's browser when they op...

CVSS 9 | EPSS 0.01884
Exploits: 0 | References: 1
Source: NVD
Added 2020/09/10 5:15 p.m. (29 views)

CVE-2020-9734

The AEM Forms add-on for versions 6.5.5.0 and below and 6.4.8.1 and below is affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Forms component. These scripts may be executed in a victim's browser when they op...

CVSS 9 | EPSS 0.01884
Exploits: 0 | References: 1
Source: OSV
Added 2020/09/10 5:15 p.m. (3 views)

CVE-2020-9734

The AEM Forms add-on for versions 6.5.5.0 and below and 6.4.8.1 and below is affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Forms component. These scripts may be executed in a victim's browser when they op...

CVSS 5.4 | AI score 5.8 | EPSS 0.01884
Exploits: 0 | References: 1
Source: OSV
Added 2020/09/10 5:15 p.m. (6 views)

CVE-2020-9732

The AEM Forms add-on for versions 6.5.5.0 and below and 6.4.8.2 and below is affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Sites component. These scripts may be executed in a victim's browser when they...

CVSS 9 | AI score 5.8 | EPSS 0.02809
Exploits: 0 | References: 1
Source: NVD
Added 2020/09/10 5:15 p.m. (24 views)

CVE-2020-9732

The AEM Forms add-on for versions 6.5.5.0 and below and 6.4.8.2 and below is affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Sites component. These scripts may be executed in a victim's browser when they...

CVSS 9 | EPSS 0.02809
Exploits: 0 | References: 1
Source: Prion
Added 2020/09/10 5:15 p.m. (22 views)

Cross site scripting

The AEM Forms add-on for versions 6.5.5.0 and below and 6.4.8.2 and below is affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Sites component. These scripts may be executed in a victim's browser when they...

CVSS 6 | AI score 8.1 | EPSS 0.02809
Exploits: 0 | References: 1 | Affected software: 2