8223 matches found

OSV
added 2020/07/22 6:53 p.m., 3 views

DRUPAL-CONTRIB-2020-029

The Modal form module is a toolset for quick start of using forms in modal windows. Any form is available for view and submit when the modalform module is installed. The only requirement is to know the form's fully-qualified class name...

6.7 AI score
Exploits: 0, References: 1
Hacker One
added 2020/07/20 10:56 p.m., 49 views

Nextcloud: Formula Injection vulnerability in CSV export feature

Dear Nextcloud Team – I have identified a formula injection vulnerability in the CSV export feature of the Forms App. I am aware that the Forms app is not part of this bug bounty program but was advised to disclose it via hackerone anyway. Description. When an Excel-/Calc- formula is sent as...

7.2 AI score
Exploits: 0
OSV
added 2020/07/20 6:15 p.m., 16 views

CVE-2020-15118

In Wagtail before versions 2.7.4 and 2.9.3, when a form page type is made available to Wagtail editors through the wagtail.contrib.forms app, and the page template is built using Django's standard form rendering helpers such as form.as_p, any HTML tags used within a form field's help text will be...

5.4 CVSS, 5.4 AI score
Exploits: 0, References: 5
ATTACKERKB
added 2020/07/20 6:15 p.m., 5 views

CVE-2020-15118

In Wagtail before versions 2.7.4 and 2.9.3, when a form page type is made available to Wagtail editors through the wagtail.contrib.forms app, and the page template is built using Django's standard form rendering helpers such as form.as_p, any HTML tags used within a form field's help text will be...

5.7 CVSS, 5.3 AI score, 0.01083 EPSS
Exploits: 0, References: 7, Affected Software: 1
PyPA
added 2020/07/20 6:15 p.m., 5 views

PYSEC-2020-154

In Wagtail before versions 2.7.4 and 2.9.3, when a form page type is made available to Wagtail editors through the wagtail.contrib.forms app, and the page template is built using Django's standard form rendering helpers such as form.as_p, any HTML tags used within a form field's help text will be...

5.7 CVSS, 6.2 AI score, 0.01083 EPSS
Exploits: 0, References: 5, Affected Software: 1
Prion
added 2020/07/20 6:15 p.m., 13 views

Cross site scripting

In Wagtail before versions 2.7.4 and 2.9.3, when a form page type is made available to Wagtail editors through the wagtail.contrib.forms app, and the page template is built using Django's standard form rendering helpers such as form.as_p, any HTML tags used within a form field's help text will be...

3.5 CVSS, 5.4 AI score, 0.01083 EPSS
Exploits: 0, References: 5, Affected Software: 1
wpexploit
added 2020/07/08 12:0 a.m., 13 views

Mailster Gravity Forms < 2.4.9 - Unauthenticated Stored Cross-Site Scripting (XSS)

Mailster is a newsletter plugin for WordPress. It allows users to create, send and track newsletter campaigns. Compass Security identified a stored Cross-Site Scripting (XSS) vulnerability affecting the administration interface. Successful exploitation requires no authentication and can be performe...

6.1 AI score
Exploits: 0, References: 2
Microsoft Secure
added 2020/06/29 7:0 p.m., 29 views

Best security, compliance, and privacy practices for the rapid deployment of publicly facing Microsoft Power Apps intake forms

With the dawn of the COVID-19 pandemic, state and federal agencies around the globe were looking at ways to modernize data intake for social services recipients. The government of a country of about 40 million citizens reached out to Microsoft and asked us to assist in this endeavor. Going...

2.3 AI score
Exploits: 0
NVD
added 2020/06/22 6:15 p.m., 12 views

CVE-2020-13426

The Multi-Scheduler plugin 1.0.0 for WordPress has a Cross-Site Request Forgery (CSRF) vulnerability in the forms it presents, allowing the possibility of deleting records (users) when an ID is known...

6.5 CVSS, 0.01193 EPSS
Exploits: 2, References: 8
RedhatCVE
added 2020/06/18 8:28 a.m., 35 views

CVE-2020-12803

ODF documents can contain forms to be filled out by the user. Similar to HTML forms, the contained form data can be submitted to a URI, for example, to an external web server. To create submittable forms, ODF implements the XForms W3C standard, which allows data to be submitted without the need f...

4.3 CVSS, 5.6 AI score, 0.01712 EPSS
Exploits: 0, References: 3
NVD
added 2020/06/08 4:15 p.m., 17 views

CVE-2020-12803

ODF documents can contain forms to be filled out by the user. Similar to HTML forms, the contained form data can be submitted to a URI, for example, to an external web server. To create submittable forms, ODF implements the XForms W3C standard, which allows data to be submitted without the need f...

6.5 CVSS, 6.5 AI score, 0.01712 EPSS
Exploits: 0, References: 5
UbuntuCve
added 2020/06/08 4:15 p.m., 37 views

CVE-2020-12803

ODF documents can contain forms to be filled out by the user. Similar to HTML forms, the contained form data can be submitted to a URI, for example, to an external web server. To create submittable forms, ODF implements the XForms W3C standard, which allows data to be submitted without the need f...

6.5 CVSS, 6.6 AI score, 0.01712 EPSS
Exploits: 0, References: 3
Prion
added 2020/06/08 4:15 p.m., 24 views

Deserialization of untrusted data

ODF documents can contain forms to be filled out by the user. Similar to HTML forms, the contained form data can be submitted to a URI, for example, to an external web server. To create submittable forms, ODF implements the XForms W3C standard, which allows data to be submitted without the need f...

4.3 CVSS, 6.3 AI score, 0.01712 EPSS
Exploits: 0, References: 5, Affected Software: 3
OSV
added 2020/06/08 4:15 p.m., 2 views

UBUNTU-CVE-2020-12803

ODF documents can contain forms to be filled out by the user. Similar to HTML forms, the contained form data can be submitted to a URI, for example, to an external web server. To create submittable forms, ODF implements the XForms W3C standard, which allows data to be submitted without the need f...

6.5 CVSS, 6.3 AI score, 0.01712 EPSS
Exploits: 0, References: 4
CVE
added 2020/06/08 3:43 p.m., 290 views

CVE-2020-12803

CVE-2020-12803 affects The Document Foundation LibreOffice prior to 6.4.4. ODF documents with forms could submit form data to a URI; earlier behavior allowed submissions to file: URIs, enabling potential overwrites of local files. The issue is mitigated by restricting submissions to http[s] URIs ...

6.5 CVSS, 5.8 AI score, 0.01712 EPSS
Exploits: 0, References: 5, Affected Software: 1
AlpineLinux
added 2020/06/08 3:43 p.m., 34 views

CVE-2020-12803

ODF documents can contain forms to be filled out by the user. Similar to HTML forms, the contained form data can be submitted to a URI, for example, to an external web server. To create submittable forms, ODF implements the XForms W3C standard, which allows data to be submitted without the need f...

6.5 CVSS, 6 AI score, 0.01712 EPSS
Exploits: 0
vulnersOsv
added 2020/06/05 4:24 p.m., 6 views

ambition-edc (>=0.3.68 <=0.3.72), caluma (>=5.2.1 <=5.6.0) +35 more potentially affected by CVE-2020-13596 via django (>=2.2.0 <=2.2.12)

django PYPI version =2.2.0, =0.3.68, =5.2.1, =0.1.0, =0.0.1, =0.0.1, =0.3.0a0, =0.0.1, =0.0.1, =0.0.26 and more Source cves: CVE-2020-13596 Source advisory: OSV:GHSA-2M34-JCJV-45XF...

6.1 CVSS, 6.7 AI score, 0.02873 EPSS
Exploits: 0
vulnersOsv
added 2020/06/05 4:20 p.m., 5 views

ambition-edc (>=0.3.68 <=0.3.72), caluma (>=5.2.1 <=5.6.0) +35 more potentially affected by CVE-2020-13254 via django (>=2.2.0 <=2.2.12)

django PYPI version =2.2.0, =0.3.68, =5.2.1, =0.1.0, =0.0.1, =0.0.1, =0.3.0a0, =0.0.1, =0.0.1, =0.0.26 and more Source cves: CVE-2020-13254 Source advisory: OSV:GHSA-WPJR-J57X-WXFW...

5.9 CVSS, 6.7 AI score, 0.06041 EPSS
Exploits: 0
CNVD
added 2020/06/03 12:0 a.m., 8 views

WordPress Gravity Forms Information Disclosure Vulnerability

WordPress is a blogging platform from the WordPress Foundation, developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Gravity Forms is a form builder plugin for it. A security vulnerability exists in the common.php file in WordPress Gravity Form...

7.5 CVSS, 6.6 AI score, 0.0183 EPSS
Exploits: 0, References: 1
NVD
added 2020/06/02 9:15 p.m., 15 views

CVE-2020-13764

common.php in the Gravity Forms plugin before 2.4.9 for WordPress can leak hashed passwords because user_pass is not considered a special case for a $current_user->get($property) call...

7.5 CVSS, 7.5 AI score, 0.0183 EPSS
Exploits: 0, References: 2