Constant Contact Forms < 1.8.8 - Multiple Authenticated Stored XSS
Multiple stored cross-site scripting vulnerabilities in Constant Contact Forms for WordPress 1.8.7 and lower allow high-privileged users (Editor+) to inject arbitrary JavaScript code or HTML in posts where the malicious form is embedded. High-privileged users (Editor+) can exploit XSS via Add New Form's...
WordPress Constant Contact Forms plugin <= 1.8.7 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities
Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities found by Nguyen Anh Tien (SunCSR) in WordPress Constant Contact Forms plugin versions <= 1.8.7. Solution: Update the WordPress Constant Contact Forms plugin to the latest available version (at least 1.8.8)...
GHSA-J4CH-MW66-XMQV Malicious Package in pensi-scheduler
Version 1.1.3 of pensi-scheduler contained malicious code. The code, when executed in the browser, would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation: Remove the package from your environment. It's also...
Malicious Package in pensi-scheduler
Version 1.1.3 of pensi-scheduler contained malicious code. The code, when executed in the browser, would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation: Remove the package from your environment. It's also...
Malicious Package
modlibrary is a malicious package. The package contains code that when executed in the browser, would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=...
Malicious Package
json-serializer is a malicious package. The package contains code that when executed in the browser, would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=...
Malicious Package
jasmin is a malicious package. The library contains code that when executed in the browser, would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=...
Malicious Package
dynamo-schema is a malicious package. The package contains code that when executed in the browser, would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=...
Malicious Package in react-dates-sc
Version 0.3.0 of react-dates-sc contained malicious code. The code, when executed in the browser, would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation: If version 0.3.0 of this module is found installed you...
GHSA-2Q6W-RXF3-4WC9 Malicious Package in codify
Version 0.3.1 of codify contained malicious code. The code, when executed in the browser, would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation: If version 0.3.1 of this module is found installed you will want...
CVE-2020-17465
Dashboards and progressiveProfileForms in ForgeRock Identity Manager before 7.0.0 are vulnerable to stored XSS. The vulnerability affects versions 6.5.0.4, 6.0.0.6...
free-business-forms.com Cross Site Scripting vulnerability OBB-1283458
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
forms-world.com Cross Site Scripting vulnerability OBB-1283131
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
Contact Form - Form builder by Kali Forms < 2.1.2 - Multiple CSRF Bypass Issues
Throughout the plugin’s code, security nonces can be bypassed because they are only checked if they are set...
Contact Form - Form builder by Kali Forms < 2.1.2 - Unauthenticated Arbitrary Post Deletion
The plugin registers the kaliformsformdeleteuploadedfile AJAX action to call the "deletefile" function, and makes it accessible to all users, authenticated or not...
Contact Form - Form builder by Kali Forms < 2.1.2 - Authenticated Plugin's Settings Change
The kaliformsupdateoptionajax AJAX action lacks capability and proper CSRF checks, allowing low privilege authenticated users to change or delete the plugin's settings...
VulnCheck KEV: CVE-2020-36720
The Kali Forms plugin for WordPress is vulnerable to Authenticated Options Change in versions up to, and including, 2.1.1. This is due to the updateoption lacking proper authentication checks. This makes it possible for any authenticated attacker to change or delete the plugin's settings...
svelte-forms-lib (>=1.1.1 <=1.3.2) potentially affected by CVE-2020-7707 via property-expr (=2.0.2)
property-expr NPM version =2.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on property-expr and may be impacted: svelte-forms-lib >=1.1.1, <=1.3.2. Source CVEs: CVE-2020-7707. Source advisory: SNYK:JS-PROPERTYEXPR-598800...
Umbraco Forms Code Issue Vulnerability
Umbraco Forms is a form builder. A security vulnerability exists in all versions of Umbraco Forms. An attacker can exploit the vulnerability to upload arbitrary types of files...
DRUPAL-CONTRIB-2020-029
The Modal form module is a toolset for quick start of using forms in modal windows. Any form is available for view and submit when the modalform module is installed. The only requirement is to know the form's fully-qualified class name...