8227 matches found

Cvelist
added 2020/02/10 5:59 p.m. | 25 views

CVE-2019-19669

A CSRF vulnerability exists in the Upload Center Forms Component of Web File Manager in Rumpus FTP 8.2.9.1. This could allow an attacker to delete, create, and update the upload forms via RAPR/TriggerServerFunction.html...

AI score: 6.5 | EPSS: 0.00435
Exploits: 0 | References: 2

WPVulnDB
added 2020/02/03 12:0 a.m. | 19 views

Ninja Forms < 3.4.23 - CSRF to Stored Cross-Site Scripting (XSS)

Authenticated Stored XSS vulnerabilities in recaptchasitekey, recaptchasecretkey, recaptchalang and dateformat keys, which can be performed via CSRF attacks...

CVSS: 3.5 | AI score: 3.1 | EPSS: 0.01195
Exploits: 1 | References: 1 | Affected Software: 1

PyPA
added 2020/01/23 9:15 p.m. | 7 views

PYSEC-2020-89

Missing password strength checks on some forms in Plone 4.3 through 5.2.0 allow users to set weak passwords, leading to easier cracking...

CVSS: 7.5 | AI score: 7 | EPSS: 0.01253
Exploits: 0 | References: 5 | Affected Software: 1

Prion
added 2020/01/22 3:15 p.m. | 15 views

Cross site scripting

The Calculated Fields Form plugin through 1.0.353 for WordPress suffers from multiple Stored XSS vulnerabilities present in the input forms. These can be exploited by an authenticated user...

CVSS: 3.5 | AI score: 5.4 | EPSS: 0.00991
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2020/01/22 2:10 p.m. | 23 views

CVE-2020-7228

The Calculated Fields Form plugin through 1.0.353 for WordPress suffers from multiple Stored XSS vulnerabilities present in the input forms. These can be exploited by an authenticated user...

AI score: 5.4 | EPSS: 0.00991
Exploits: 0 | References: 3

CVE
added 2020/01/22 2:10 p.m. | 87 views

CVE-2020-7228

CVE-2020-7228 affects WordPress Calculated Fields Form plugin (versions

CVSS: 5.4 | AI score: 5.3 | EPSS: 0.00991
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2020/01/21 7:15 p.m. | 12 views

CVE-2020-6849

The marketo-forms-and-tracking plugin through 1.0.2 for WordPress allows wp-admin/admin.php?page=marketofat CSRF with resultant XSS...

CVSS: 8.8 | AI score: 8.8 | EPSS: 0.0132
Exploits: 2 | References: 3

OSV
added 2020/01/21 7:15 p.m. | 11 views

CVE-2020-6849

The marketo-forms-and-tracking plugin through 1.0.2 for WordPress allows wp-admin/admin.php?page=marketofat CSRF with resultant XSS...

CVSS: 8.8 | AI score: 7 | EPSS: 0.0132
Exploits: 2 | References: 3

Prion
added 2020/01/21 7:15 p.m. | 12 views

Cross site request forgery (csrf)

The marketo-forms-and-tracking plugin through 1.0.2 for WordPress allows wp-admin/admin.php?page=marketofat CSRF with resultant XSS...

CVSS: 6.8 | AI score: 8.7 | EPSS: 0.0132
Exploits: 2 | References: 3 | Affected Software: 1

Cvelist
added 2020/01/21 6:30 p.m. | 15 views

CVE-2020-6849

The marketo-forms-and-tracking plugin through 1.0.2 for WordPress allows wp-admin/admin.php?page=marketofat CSRF with resultant XSS...

AI score: 8.8 | EPSS: 0.0132
Exploits: 2 | References: 3

CVE
added 2020/01/21 6:30 p.m. | 101 views

CVE-2020-6849

CVE-2020-6849 concerns the WordPress plugin marketo-forms-and-tracking (

CVSS: 8.8 | AI score: 8.7 | EPSS: 0.0132
Exploits: 2 | References: 3 | Affected Software: 1

Talos Blog
added 2020/01/19 2:58 a.m. | 1183 views

JhoneRAT: Cloud based python RAT targeting Middle Eastern countries

By Warren Mercer, Paul Rascagneres and Vitor Ventura with contributions from Eric Kuhla. Updated January 17th: the documents do not exploit the CVE-2017-0199 vulnerability. Executive Summary Today, Cisco Talos is unveiling the details of a new RAT we have identified we're calling "JhoneRAT." This...

CVSS: 9.3 | AI score: 0.4 | EPSS: 0.99933
Exploits: 29

ThreatPost
added 2020/01/17 10:1 p.m. | 146 views

New JhoneRAT Malware Targets Middle East

Researchers are warning of a new remote access trojan (RAT), dubbed JhoneRAT, which is being distributed as part of an active campaign, ongoing since November 2019, that targets victims in the Middle East. Once downloaded, the RAT gathers information on the victims’ computers and is also able to...

AI score: 7
Exploits: 0 | References: 8

wpexploit
added 2020/01/17 12:0 a.m. | 68 views

Marketo Forms and Tracking <= 1.0.2 - CSRF to XSS

Lack of CSRF checks and sanitisation on the plugin's settings page could allow XSS attacks via CSRF. document.getElementById'csrf'.submit;...

CVSS: 6.8 | AI score: 1 | EPSS: 0.0132
Exploits: 2 | References: 1

WPVulnDB
added 2020/01/17 12:0 a.m. | 22 views

Marketo Forms and Tracking <= 1.0.2 - CSRF to XSS

Lack of CSRF checks and sanitisation on the plugin's settings page could allow XSS attacks via CSRF. PoC...

CVSS: 6.8 | AI score: 3.4 | EPSS: 0.0132
Exploits: 2 | References: 1 | Affected Software: 1

Fedora
added 2020/01/04 10:16 p.m. | 13 views

[SECURITY] Fedora 30 Update: drupal7-webform-4.21-1.fc30

Webform is the module for making forms and surveys in Drupal. After a submission, users may be sent an e-mail "receipt" as well as sending a notification to administrators. Results can be exported into Excel or other spreadsheet applications. Webform also provides some basic statistical review an...

AI score: 0.5
Exploits: 0

CNVD
added 2020/01/02 12:0 a.m. | 5 views

WordPress Infusionsoft Gravity Forms Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Infusionsoft Gravity Forms is a plug-in that automatically sends form submissions to the Infusionsoft CRM system. A cross-site scriptin...

CVSS: 6.1 | AI score: 6.2 | EPSS: 0.03902
Exploits: 2 | References: 1

NVD
added 2019/12/27 8:15 p.m. | 15 views

CVE-2014-4536

Multiple cross-site scripting (XSS) vulnerabilities in tests/notAutotestContactServicepauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) go, (2) contactId, or (3) campaignId parameter...

CVSS: 6.1 | AI score: 6.2 | EPSS: 0.03902
Exploits: 2 | References: 2

Prion
added 2019/12/27 8:15 p.m. | 12 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in tests/notAutotestContactServicepauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) go, (2) contactId, or (3) campaignId parameter...

CVSS: 4.3 | AI score: 6.2 | EPSS: 0.03902
Exploits: 2 | References: 2 | Affected Software: 1

Cvelist
added 2019/12/27 7:1 p.m. | 22 views

CVE-2014-4536

Multiple cross-site scripting (XSS) vulnerabilities in tests/notAutotestContactServicepauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) go, (2) contactId, or (3) campaignId parameter...

AI score: 6.2 | EPSS: 0.03902
Exploits: 2 | References: 2