Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the Caldera Forms plugin before 1.6.0-rc.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 a greeting message, 2 the email transaction log, or 3 an imported form...

CVE-2018-7747

Multiple cross-site scripting XSS vulnerabilities in the Caldera Forms plugin before 1.6.0-rc.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 a greeting message, 2 the email transaction log, or 3 an imported form...

CVE-2018-7747

Summary (CVE-2018-7747): WordPress Caldera Forms plugin vulnerable through stored XSS in versions up to 1.5.9.1, fixed in 1.6.0-rc.1. Vulnerability arises from insufficient input validation allowing remote attackers to inject arbitrary script via (1) a greeting message, (2) the email transaction ...

CVE-2018-7747

Multiple cross-site scripting XSS vulnerabilities in the Caldera Forms plugin before 1.6.0-rc.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 a greeting message, 2 the email transaction log, or 3 an imported form...

Uber: Reflected XSS and sensitive data exposure, including payment details, on lioncityrentals.com.sg

lioncityrentals.com.sg employed a Wordpress installation that possessed a vulnerable plugin, Formidable Forms, which was vulnerable to reflected XSS, and exposed sensitive form data. Thanks again for the report, @healdb! This was the first bug I ever found that exposed a large amount of PII, than...

Foxit PDF Reader JavaScript setPersistent Remote Code Execution Vulnerability

Summary An exploitable use of an uninitialized pointer vulnerability exists in the JavaScript engine in Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can lead to a dereference of an uninitialized pointer which, if under attacker control, can result in arbitrary code...

Drupal Drupalgeddon 2 Forms API Property Injection

This module exploits a Drupal property injection in the Forms API. Drupal 6.x, 'Drupal Drupalgeddon 2 Forms API Property Injection', 'Description' = %q This module exploits a Drupal property injection in the Forms API. Drupal 6.x, 'Jasper Mattsson', Vulnerability discovery 'a2u', Proof of concept...

WordPress Caldera Forms plugin <=1.5.9.1 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting XSS vulnerability found by Federico Scalco in WordPress Caldera Forms versions =1.5.9.1. Solution Update the WordPress Caldera Forms plugin to the latest available version at least 1.6.0...

WordPress Plugin Caldera Forms 1.5.9.1 - Cross-Site Scripting

WordPress Plugin Caldera Forms 1.5.9.1 - Cross-Site Scripting Exploit Title: CalderaForms 1.5.9.1 - multiple XSS Date: 02-03-2018 Exploit Author: Federico Scalco fscalco at mentat dot is @mindpr00f Vendor Homepage: https://calderaforms.com/ Software Link:...

WordPress Plugin Caldera Forms 1.5.9.1 - Cross-Site Scripting

Exploit Title: CalderaForms 1.5.9.1 - multiple XSS Date: 02-03-2018 Exploit Author: Federico Scalco fscalco at mentat dot is @mindpr00f Vendor Homepage: https://calderaforms.com/ Software Link: https://wordpress.org/plugins/caldera-forms/ Vulnerable App:...

Convert Forms CSV Injection Vulnerability in Joomla!

Joomla! is the United States Open Source Matters team developed a set of open source content management system CMS. A CSV injection vulnerability exists in Joomla! Convert Forms 2.0.3 and earlier versions. When a user with elevated privileges exports form data in CSV format, an attacker can explo...

Joomla Convert Forms version 2.0.3 - Formula Injection (CSV Injection) Vulnerability

Exploit for php platform in category web applications Exploit Title: Joomla Extension Convert Forms version 2.0.3 - Formula Injection CSV Injection Google Dork: N/A Exploit Author: Jetty Sairam Software Link:...

Cross site scripting

Cross-site scripting XSS vulnerability in IBM Forms Experience Builder 8.5.0 and 8.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 97777...

CVE-2014-6169

Cross-site scripting XSS vulnerability in IBM Forms Experience Builder 8.5.0 and 8.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 97777...

CVE-2014-6169

CVE-2014-6169 affects IBM Forms Experience Builder 8.5.0 and 8.5.1. The issue is a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. The connected sources confirm the affected product versions and the XSS nature b...

CVE-2014-6169

Cross-site scripting XSS vulnerability in IBM Forms Experience Builder 8.5.0 and 8.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 97777...

CVE-2018-10063

The Convert Forms extension before 2.0.4 for Joomla! is vulnerable to Remote Command Execution using CSV Injection that is mishandled when exporting a Leads file...

CVE-2018-10063

The Convert Forms extension before 2.0.4 for Joomla! is vulnerable to Remote Command Execution using CSV Injection that is mishandled when exporting a Leads file...

CVE-2018-10063

CVE-2018-10063 affects Joomla! Convert Forms extension prior to 2.0.4. The vulnerability is a CSV injection that enables remote command execution when exporting leads/form data, due to how CSV fields are handled during export. Documented impact includes potential arbitrary command execution with ...

CVE-2018-10063

The Convert Forms extension before 2.0.4 for Joomla! is vulnerable to Remote Command Execution using CSV Injection that is mishandled when exporting a Leads file...