8225 matches found

NVD · added 2020/03/25 6:15 p.m. · 18 views

CVE-2019-18626

Harris Ormed Self Service before 2019.1.4 allows an authenticated user to view W-2 forms belonging to other users via an arbitrary empNo value to the ORMEDMIS/Data/PY/T4W2Service.svc/RetrieveW2EntriesForEmployee URI, thus exposing sensitive information including employee tax information, social...

CVSS 4.3 · AI score 4.6 · EPSS 0.00617
Exploits 0 · References 1
Cvelist · added 2020/03/25 5:01 p.m. · 25 views

CVE-2019-18626

Harris Ormed Self Service before 2019.1.4 allows an authenticated user to view W-2 forms belonging to other users via an arbitrary empNo value to the ORMEDMIS/Data/PY/T4W2Service.svc/RetrieveW2EntriesForEmployee URI, thus exposing sensitive information including employee tax information, social...

AI score 4.6 · EPSS 0.00617
Exploits 0 · References 1
CNVD · added 2020/03/24 12:00 a.m. · 4 views

WordPress pricing-table-by-supsystic insecure permissions vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security issue exists in WordPress pricing-table-by-supsystic prior to version 1.8.2, which stems from the...

CVSS 7.5 · AI score 6.6 · EPSS 0.01677
Exploits 2 · References 1
Prion · added 2020/03/19 6:15 p.m. · 10 views

Cross site scripting

A number of stored Cross-site Scripting (XSS) vulnerabilities were identified in NETSAS Enigma NMS 65.0.0 and prior that could allow a threat actor to inject malicious code directly into the application through web application form inputs...

CVSS 4.3 · AI score 6.2 · EPSS 0.00691
Exploits 1 · References 1 · Affected Software 1
RubySec · added 2020/03/14 12:00 a.m. · 13 views

rails_admin ruby gem XSS vulnerability

RailsAdmin aka railsadmin before 1.4.3 and 2.x before 2.0.2 allows XSS via nested forms...

CVSS 6.1 · AI score 3.4 · EPSS 0.01278
Exploits 1 · References 1 · Affected Software 1
NVD · added 2020/03/10 9:15 p.m. · 15 views

CVE-2020-6205

SAP NetWeaver AS ABAP Business Server Pages Smart Forms, SAPBASIS versions- 7.00, 7.01, 7.02, 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, 7.51, 7.52, 7.53, 7.54; does not sufficiently encode user controlled inputs, allowing an unauthenticated attacker to non-permanently deface or modify displayed content...

CVSS 6.1 · AI score 6.3 · EPSS 0.00749
Exploits 0 · References 2
Cvelist · added 2020/03/10 8:20 p.m. · 28 views

CVE-2020-6205

SAP NetWeaver AS ABAP Business Server Pages Smart Forms, SAPBASIS versions- 7.00, 7.01, 7.02, 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, 7.51, 7.52, 7.53, 7.54; does not sufficiently encode user controlled inputs, allowing an unauthenticated attacker to non-permanently deface or modify displayed content...

CVSS 6.1 · AI score 6.3 · EPSS 0.00749
Exploits 0 · References 2
CVE · added 2020/03/10 8:20 p.m. · 81 views

CVE-2020-6205

SAP NetWeaver AS ABAP Business Server Pages (Smart Forms) is affected across SAP BASIS versions 7.00–7.54 due to insufficient encoding of user-controlled inputs, enabling unauthenticated users to perform a Reflected Cross-Site Scripting (XSS) that can deface content, steal user credentials, imper...

CVSS 6.1 · AI score 6.2 · EPSS 0.00749
Exploits 0 · References 2 · Affected Software 1
Positive Technologies · added 2020/03/10 12:00 a.m. · 5 views

PT-2020-19006 · Sap · Sap Netweaver As Abap +1

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS ABAP Business Server Pages Smart Forms, SAP BASIS versions 7.00 through 7.54 Description: The issue arises from insufficient encoding of user-controlled inputs, allowing an unauthenticated attacker to non-permanently deface o...

CVSS 6.1 · AI score 6.2 · EPSS 0.00749
Exploits 0 · References 4
Positive Technologies · added 2020/03/09 12:00 a.m. · 7 views

PT-2020-15370 · Jenkins · Jenkins Backlog Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Backlog Plugin versions 2.4 and earlier Description: The issue concerns the transmission of configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure. Credentials are stored...

CVSS 4.3 · AI score 4.2 · EPSS 0.00646
Exploits 0 · References 8
NVD · added 2020/03/06 7:15 p.m. · 17 views

CVE-2020-9457

The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users with minimal privileges to import custom vulnerable forms and change form settings via classrmformsettingscontroller.php, resulting in privilege escalation...

CVSS 8.8 · AI score 8.5 · EPSS 0.02533
Exploits 1 · References 3
Cvelist · added 2020/03/06 6:56 p.m. · 18 views

CVE-2020-9457

The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users with minimal privileges to import custom vulnerable forms and change form settings via classrmformsettingscontroller.php, resulting in privilege escalation...

AI score 8.5 · EPSS 0.02533
Exploits 1 · References 3
Prion · added 2020/03/04 7:15 p.m. · 15 views

Improper access control

A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface Firmware EU1.03 allows an attacker to enable or disable MAC address filtering by submitting a crafted Forms/WlanMacFilter1 POST request without being authenticated on the admin interface...

CVSS 5 · AI score 7.3 · EPSS 0.02532
Exploits 1 · References 4 · Affected Software 1
CVE · added 2020/03/04 6:08 p.m. · 68 views

CVE-2019-19226

CVE-2019-19226 affects D-Link DSL-2680 (Firmware EU_1.03) web administration. A Broken Access Control flaw in the Forms/WlanMacFilter_1 POST handling allows an unauthenticated attacker to enable/disable MAC address filtering. The root cause is improper access restrictions on the MAC-filter config...

CVSS 7.5 · AI score 7.2 · EPSS 0.02532
Exploits 1 · References 4 · Affected Software 1
Cvelist · added 2020/03/04 6:03 p.m. · 20 views

CVE-2019-19222

A Stored XSS issue in the D-Link DSL-2680 web administration interface Firmware EU1.03 allows an authenticated attacker to inject arbitrary JavaScript code into the info.html administration page by sending a crafted Forms/wirelessautonetwork1 POST request...

AI score 5.2 · EPSS 0.01867
Exploits 1 · References 4
Positive Technologies · added 2020/03/04 12:00 a.m. · 5 views

PT-2020-10104 · D Link · D-Link Dsl-2680

Name of the Vulnerable Software and Affected Versions: D-Link DSL-2680 version EU 1.03 Description: A Broken Access Control issue in the web administration interface allows an attacker to change DNS servers without authentication by submitting a crafted Forms/dns 1 POST request. Recommendations:...

CVSS 7.5 · AI score 7.6 · EPSS 0.02532
Exploits 1 · References 6
NVD · added 2020/02/26 4:15 p.m. · 17 views

CVE-2019-19987

An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. It allows Cross-Site Request Forgery (CSRF) on any HTML form. An attacker can exploit the vulnerability to abuse functionalities such as change password, add user, add privilege, and so on...

CVSS 6.5 · AI score 6.5 · EPSS 0.00546
Exploits 1 · References 3
Prion · added 2020/02/26 4:15 p.m. · 13 views

Cross-site request forgery (CSRF)

An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. It allows Cross-Site Request Forgery (CSRF) on any HTML form. An attacker can exploit the vulnerability to abuse functionalities such as change password, add user, add privilege, and so on...

CVSS 4.3 · AI score 6.5 · EPSS 0.00546
Exploits 1 · References 3 · Affected Software 1
Cvelist · added 2020/02/26 3:16 p.m. · 22 views

CVE-2019-19987

An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. It allows Cross-Site Request Forgery (CSRF) on any HTML form. An attacker can exploit the vulnerability to abuse functionalities such as change password, add user, add privilege, and so on...

AI score 6.5 · EPSS 0.00546
Exploits 1 · References 3
Patchstack · added 2020/02/26 12:00 a.m. · 8 views

WordPress Easy Forms for Mailchimp plugin <= 6.6.2 - Authenticated Cross-Site Scripting (XSS) vulnerability

An authenticated Cross-Site Scripting (XSS) vulnerability was discovered in WordPress Easy Forms for Mailchimp plugin versions <= 6.6.2. Solution: update the WordPress Easy Forms for Mailchimp plugin to the latest available version, at least 6.6.3...

AI score 2.1
Exploits 0 · References 1 · Affected Software 1