8222 matches found

wpexploit
added 2020/09/06 12:0 a.m. | 535 views

Constant Contact Forms < 1.8.8 - Multiple Authenticated Stored XSS

Multiple stored cross-site scripting vulnerabilities in Constant Contact Forms for WordPress 1.8.7 and lower allow a high-privileged user (Editor+) to inject arbitrary JavaScript code or HTML in posts where the malicious form is embedded. A high-privileged user (Editor+) can exploit XSS via Add New Form's...

5.3 AI score | 0.00654 EPSS
Exploits 2 | References 1

Patchstack
added 2020/09/06 12:0 a.m. | 14 views

WordPress Constant Contact Forms plugin <= 1.8.7 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities

Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities found by Nguyen Anh Tien (SunCSR) in WordPress Constant Contact Forms plugin versions <= 1.8.7.
Solution: Update the WordPress Constant Contact Forms plugin to the latest available version (at least 1.8.8)...

2.4 AI score
Exploits 0 | References 1 | Affected Software 1

OSV
added 2020/09/03 7:16 p.m. | 11 views

GHSA-J4CH-MW66-XMQV Malicious Package in pensi-scheduler

Version 1.1.3 of pensi-scheduler contained malicious code. The code, when executed in the browser, would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=
Recommendation: Remove the package from your environment. It's also...

7.2 AI score
Exploits 0 | References 1

Github Security Blog
added 2020/09/03 7:16 p.m. | 24 views

Malicious Package in pensi-scheduler

Version 1.1.3 of pensi-scheduler contained malicious code. The code, when executed in the browser, would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=
Recommendation: Remove the package from your environment. It's also...

7 AI score
Exploits 0 | References 2 | Affected Software 1

Veracode
added 2020/09/02 5:13 a.m. | 15 views

Malicious Package

modlibrary is a malicious package. The package contains code that when executed in the browser, would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=...

2 AI score
Exploits 0

Veracode
added 2020/09/02 4:45 a.m. | 11 views

Malicious Package

json-serializer is a malicious package. The package contains code that when executed in the browser, would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=...

1.5 AI score
Exploits 0

Veracode
added 2020/09/02 2:44 a.m. | 7 views

Malicious Package

jasmin is a malicious package. The library contains code that when executed in the browser, would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=...

1.8 AI score
Exploits 0

Veracode
added 2020/09/02 2:13 a.m. | 9 views

Malicious Package

dynamo-schema is a malicious package. The package contains code that when executed in the browser, would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=...

1.5 AI score
Exploits 0

Github Security Blog
added 2020/09/01 8:32 p.m. | 34 views

Malicious Package in react-dates-sc

Version 0.3.0 of react-dates-sc contained malicious code. The code, when executed in the browser, would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=
Recommendation: If version 0.3.0 of this module is found installed you...

6.9 AI score
Exploits 0 | References 2 | Affected Software 1

OSV
added 2020/09/01 7:49 p.m. | 14 views

GHSA-2Q6W-RXF3-4WC9 Malicious Package in codify

Version 0.3.1 of codify contained malicious code. The code, when executed in the browser, would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=
Recommendation: If version 0.3.1 of this module is found installed you will want...

9.8 CVSS | 7.1 AI score
Exploits 0 | References 3

OSV
added 2020/08/31 4:15 p.m. | 4 views

CVE-2020-17465

Dashboards and progressiveProfileForms in ForgeRock Identity Manager before 7.0.0 are vulnerable to stored XSS. The vulnerability affects versions 6.5.0.4, 6.0.0.6...

6.1 CVSS | 6.4 AI score | 0.00717 EPSS
Exploits 0 | References 2

Openbugbounty
added 2020/08/29 6:40 a.m. | 10 views

free-business-forms.com Cross Site Scripting vulnerability OBB-1283458

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

6.2 AI score
Exploits 0

Openbugbounty
added 2020/08/28 8:16 p.m. | 60 views

forms-world.com Cross Site Scripting vulnerability OBB-1283131

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

6.2 AI score
Exploits 0

WPVulnDB
added 2020/08/21 12:0 a.m. | 10 views

Contact Form - Form builder by Kali Forms < 2.1.2 - Multiple CSRF Bypass Issues

Throughout the plugin’s code, security nonces can be bypassed because they are only checked if they are set...

1.9 AI score
Exploits 0 | References 1 | Affected Software 1

WPVulnDB
added 2020/08/21 12:0 a.m. | 18 views

Contact Form - Form builder by Kali Forms < 2.1.2 - Unauthenticated Arbitrary Post Deletion

The plugin registers the kaliformsformdeleteuploadedfile AJAX action to call the "deletefile" function, and makes it accessible to all users, authenticated or not...

4.7 AI score
Exploits 0 | References 1 | Affected Software 1

WPVulnDB
added 2020/08/21 12:0 a.m. | 15 views

Contact Form - Form builder by Kali Forms < 2.1.2 - Authenticated Plugin's Settings Change

The kaliformsupdateoptionajax AJAX action lacks capability and proper CSRF checks, allowing low privilege authenticated users to change or delete the plugin's settings...

5.3 AI score
Exploits 0 | References 1 | Affected Software 1

VulnCheck KEV
added 2020/08/21 12:0 a.m. | 3 views

VulnCheck KEV: CVE-2020-36720

The Kali Forms plugin for WordPress is vulnerable to Authenticated Options Change in versions up to, and including, 2.1.1. This is due to the updateoption lacking proper authentication checks. This makes it possible for any authenticated attacker to change or delete the plugin's settings...

7.1 CVSS | 7 AI score | 0.00793 EPSS
Exploits 1 | References 1

vulnersOsv
added 2020/08/17 2:48 p.m. | 6 views

svelte-forms-lib (>=1.1.1 <=1.3.2) potentially affected by CVE-2020-7707 via property-expr (=2.0.2)

property-expr NPM version =2.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on property-expr and may be impacted: svelte-forms-lib >=1.1.1, <=1.3.2. Source CVEs: CVE-2020-7707. Source advisory: SNYK:JS-PROPERTYEXPR-598800...

9.8 CVSS | 7.2 AI score | 0.03376 EPSS
Exploits 1

CNVD
added 2020/07/30 12:0 a.m. | 3 views

Umbraco Forms Code Issue Vulnerability

Umbraco Forms is a form builder. A security vulnerability exists in all versions of Umbraco Forms. An attacker can exploit the vulnerability to upload arbitrary types of files...

7.5 CVSS | 7.1 AI score | 0.00902 EPSS
Exploits 0 | References 1

OSV
added 2020/07/22 6:53 p.m. | 3 views

DRUPAL-CONTRIB-2020-029

The Modal form module is a toolset for quick start of using forms in modal windows. Any form is available for view and submit when the modalform module is installed. The only requirement is to know the form's fully-qualified class name...

6.7 AI score
Exploits 0 | References 1