8223 matches found
DRUPAL-CONTRIB-2020-029
The Modal form module is a toolset for quick start of using forms in modal windows. Any form is available for view and submit when the modalform module is installed. The only requirement is to know the form's fully-qualified class name...
Nextcloud: Formula Injection vulnerability in CSV export feature
Dear Nextcloud Team – I have identified a formula injection vulnerability 12 in the CSV export feature of the Forms App. I am aware that the Forms app is not part of this bug bounty program but was advised to disclose it via hackerone anyway. Description. When a n Excel-/Calc- formula is sent as...
CVE-2020-15118
In Wagtail before versions 2.7.4 and 2.9.3, when a form page type is made available to Wagtail editors through the wagtail.contrib.forms app, and the page template is built using Django's standard form rendering helpers such as form.asp, any HTML tags used within a form field's help text will be...
CVE-2020-15118
In Wagtail before versions 2.7.4 and 2.9.3, when a form page type is made available to Wagtail editors through the wagtail.contrib.forms app, and the page template is built using Django's standard form rendering helpers such as form.asp, any HTML tags used within a form field's help text will be...
PYSEC-2020-154
In Wagtail before versions 2.7.4 and 2.9.3, when a form page type is made available to Wagtail editors through the wagtail.contrib.forms app, and the page template is built using Django's standard form rendering helpers such as form.asp, any HTML tags used within a form field's help text will be...
Cross site scripting
In Wagtail before versions 2.7.4 and 2.9.3, when a form page type is made available to Wagtail editors through the wagtail.contrib.forms app, and the page template is built using Django's standard form rendering helpers such as form.asp, any HTML tags used within a form field's help text will be...
Mailster Gravity Forms < 2.4.9 - Unauthenticated Stored Cross-Site Scripting (XSS)
Mailster 1 is a newsletter plugin for WordPress. It allows to create, send and track the newsletter campaigns. Compass Security identified a stored Cross-Site Scripting XSS vulnerability affecting the administration interface. Successful exploitation requires no authentication and can be performe...
Best security, compliance, and privacy practices for the rapid deployment of publicly facing Microsoft Power Apps intake forms
With the dawn of the COVID-19 pandemic, state and federal agencies around the globe were looking at ways to modernize data intake for social services recipients. The government of a country of about 40 million citizens reached out to Microsoft and asked us to assist in this endeavor. Going...
CVE-2020-13426
The Multi-Scheduler plugin 1.0.0 for WordPress has a Cross-Site Request Forgery CSRF vulnerability in the forms it presents, allowing the possibility of deleting records users when an ID is known...
CVE-2020-12803
ODF documents can contain forms to be filled out by the user. Similar to HTML forms, the contained form data can be submitted to a URI, for example, to an external web server. To create submittable forms, ODF implements the XForms W3C standard, which allows data to be submitted without the need f...
CVE-2020-12803
ODF documents can contain forms to be filled out by the user. Similar to HTML forms, the contained form data can be submitted to a URI, for example, to an external web server. To create submittable forms, ODF implements the XForms W3C standard, which allows data to be submitted without the need f...
CVE-2020-12803
ODF documents can contain forms to be filled out by the user. Similar to HTML forms, the contained form data can be submitted to a URI, for example, to an external web server. To create submittable forms, ODF implements the XForms W3C standard, which allows data to be submitted without the need f...
Deserialization of untrusted data
ODF documents can contain forms to be filled out by the user. Similar to HTML forms, the contained form data can be submitted to a URI, for example, to an external web server. To create submittable forms, ODF implements the XForms W3C standard, which allows data to be submitted without the need f...
UBUNTU-CVE-2020-12803
ODF documents can contain forms to be filled out by the user. Similar to HTML forms, the contained form data can be submitted to a URI, for example, to an external web server. To create submittable forms, ODF implements the XForms W3C standard, which allows data to be submitted without the need f...
CVE-2020-12803
CVE-2020-12803 affects The Document Foundation LibreOffice prior to 6.4.4. ODF documents with forms could submit form data to a URI; earlier behavior allowed submissions to file: URIs, enabling potential overwrites of local files. The issue is mitigated by restricting submissions to http[s] URIs ...
CVE-2020-12803
ODF documents can contain forms to be filled out by the user. Similar to HTML forms, the contained form data can be submitted to a URI, for example, to an external web server. To create submittable forms, ODF implements the XForms W3C standard, which allows data to be submitted without the need f...
ambition-edc (>=0.3.68 <=0.3.72), caluma (>=5.2.1 <=5.6.0) +35 more potentially affected by CVE-2020-13596 via django (>=2.2.0 <=2.2.12)
django PYPI version =2.2.0, =0.3.68, =5.2.1, =0.1.0, =0.0.1, =0.0.1, =0.3.0a0, =0.0.1, =0.0.1, =0.0.26 and more Source cves: CVE-2020-13596 Source advisory: OSV:GHSA-2M34-JCJV-45XF...
ambition-edc (>=0.3.68 <=0.3.72), caluma (>=5.2.1 <=5.6.0) +35 more potentially affected by CVE-2020-13254 via django (>=2.2.0 <=2.2.12)
django PYPI version =2.2.0, =0.3.68, =5.2.1, =0.1.0, =0.0.1, =0.0.1, =0.3.0a0, =0.0.1, =0.0.1, =0.0.26 and more Source cves: CVE-2020-13254 Source advisory: OSV:GHSA-WPJR-J57X-WXFW...
WordPress Gravity Forms Information Disclosure Vulnerability
WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.Gravity Forms is a form builder plugin used in it. A security vulnerability exists in the common.php file in WordPress Gravity Form...
CVE-2020-13764
common.php in the Gravity Forms plugin before 2.4.9 for WordPress can leak hashed passwords because userpass is not considered a special case for a $currentuser-get$property call...