CVE-2024-36193

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE-2024-36166

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE-2024-26077

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

WooCommerce has a Cross-Site Scripting (XSS) Vulnerability in checkout & registration forms

Impact A vulnerability introduced in WooCommerce 8.8 allows for cross-site scripting. A bad actor can manipulate a link to include malicious HTML & JavaScript content. While the content is not saved to the database, the links may be sent to victims for malicious purposes. The injected JavaScript...

CVE-2023-51413

Missing Authorization vulnerability in Piotnet Forms.This issue affects Piotnet Forms: from n/a through 1.0.29...

CVE-2023-51413 WordPress Piotnet Forms plugin <= 1.0.29 - Broken Access Control vulnerability

Missing Authorization vulnerability in Piotnet Forms.This issue affects Piotnet Forms: from n/a through 1.0.29...

CVE-2023-51413 WordPress Piotnet Forms plugin <= 1.0.29 - Broken Access Control vulnerability

Missing Authorization vulnerability in Piotnet Forms.This issue affects Piotnet Forms: from n/a through 1.0.29...

WordPress plugin Piotnet Forms security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2024-4319

CVE-2024-4319 affects the WordPress plugin Advanced Contact form 7 DB . The vulnerability is due to a missing capability check in the function vsz_cf7_export_to_excel, allowing unauthenticated attackers to download submitted form entries. Affected versions are up to and including 2.0.2 ; remediat...

CVE-2024-35742

Missing Authorization vulnerability in Code Parrots Easy Forms for Mailchimp.This issue affects Easy Forms for Mailchimp: from n/a through 6.9.0...

CVE-2024-35742

Missing Authorization vulnerability in Code Parrots Easy Forms for Mailchimp.This issue affects Easy Forms for Mailchimp: from n/a through 6.9.0...

CVE-2024-35742

CVE-2024-35742 is listed in the initial document as a Missing Authorization vulnerability in Easy Forms for Mailchimp affecting versions up to 6.9.0. The connected documents do not provide detailed technical specifics (no root cause, impact, affected sub-components, or remediation steps) beyond t...

CVE-2024-35742 WordPress Easy Forms for Mailchimp plugin <= 6.9.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Code Parrots Easy Forms for Mailchimp.This issue affects Easy Forms for Mailchimp: from n/a through 6.9.0...

WordPress plugin Easy Forms for Mailchimp security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin... A security vulnerability...

TYPO3 Cross-Site Scripting in Form Framework

Failing to properly encode user input, frontend forms handled by the form framework system extension “form” are vulnerable to cross-site scripting...

PT-2024-27123 · WordPress · Powerpack Pro For Elementor

Name of the Vulnerable Software and Affected Versions: PowerPack Pro for Elementor plugin for WordPress versions up to, and including, 2.10.17 Description: The issue is due to the plugin not restricting low privileged users from setting a default role for a registration form. This makes it possib...

CVE-2024-37156

The SuluFormBundle adds support for creating dynamic forms in Sulu Admin. The TokenController get parameter formName is not sanitized in the returned input field which leads to XSS. This vulnerability is fixed in 2.5.3...

CVE-2024-37156

CVE-2024-37156 affects SuluFormBundle (Sulu Admin) where the TokenController.get parameter formName is not sanitized in the returned input field, enabling Cross-Site Scripting (XSS). The issue is fixed in version 2.5.3. Mitigation is to upgrade to 2.5.3 or apply the provided patch; no exploit det...

CVE-2024-37156 TokenController formName not sanitized in hidden input

The SuluFormBundle adds support for creating dynamic forms in Sulu Admin. The TokenController get parameter formName is not sanitized in the returned input field which leads to XSS. This vulnerability is fixed in 2.5.3...

CVE-2024-37156 TokenController formName not sanitized in hidden input

The SuluFormBundle adds support for creating dynamic forms in Sulu Admin. The TokenController get parameter formName is not sanitized in the returned input field which leads to XSS. This vulnerability is fixed in 2.5.3...