CVE-2023-48276

Improper Restriction of Excessive Authentication Attempts vulnerability in Nitin Rathod WP Forms Puzzle Captcha allows Functionality Bypass.This issue affects WP Forms Puzzle Captcha: from n/a through 4.1...

CVE-2023-48276 WordPress WP Forms Puzzle Captcha plugin <= 4.1 - Captcha Bypass vulnerability

Improper Restriction of Excessive Authentication Attempts vulnerability in Nitin Rathod WP Forms Puzzle Captcha allows Functionality Bypass.This issue affects WP Forms Puzzle Captcha: from n/a through 4.1...

Mollie Forms < 2.6.14 - Cross-Site Request Forgery to Arbitrary Post Duplication

Description The Mollie Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.13. This is due to missing or incorrect nonce validation on the duplicateForm function. This makes it possible for unauthenticated attackers to duplicate forms v...

PT-2024-26615 · Sendinblue · Brevo Newsletter

Name of the Vulnerable Software and Affected Versions: Brevo Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue versions n/a through 3.1.77 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS,...

CVE-2024-35632 WordPress Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in CRM Perks. Integration for Contact Form 7 and Constant Contact.This issue affects Integration for Contact Form 7 and Constant Contact: from n/a through 1.1.5...

CVE-2024-35632 WordPress Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in CRM Perks. Integration for Contact Form 7 and Constant Contact.This issue affects Integration for Contact Form 7 and Constant Contact: from n/a through 1.1.5...

Cross Site Scripting (XSS)

typo3/cms-core is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to a failure to properly encode user input in frontend forms handled by the form framework, allowing malicious users to inject and execute arbitrary JavaScript code in the context of other users' browsers...

CVE-2024-4958 User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.2.0.1 - Missing Authorization to Privilege Escalation

The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'importformaction' function in versions up to, and including, 3.2.0.1. This makes it...

TYPO3 Cross-Site Scripting in Link Handling

It has been discovered that t3:// URL handling and typolink functionality are vulnerable to cross-site scripting. Not only regular backend forms are affected but also frontend extensions which use the rendering with typolink...

GHSA-4459-QRCC-VFCF TYPO3 Cross-Site Scripting in Form Framework

Failing to properly encode user input, frontend forms handled by the form framework system extension “form” are vulnerable to cross-site scripting...

TYPO3 CMS Insecure Deserialization & Arbitrary Code Execution

Phar files formerly known as "PHP archives" can act als self extracting archives which leads to the fact that source code is executed when Phar files are invoked. The Phar file format is not limited to be stored with a dedicated file extension - "bundle.phar" would be valid as well as "bundle.txt...

GHSA-CC97-G92W-JM65 TYPO3 CMS Insecure Deserialization & Arbitrary Code Execution

Phar files formerly known as "PHP archives" can act als self extracting archives which leads to the fact that source code is executed when Phar files are invoked. The Phar file format is not limited to be stored with a dedicated file extension - "bundle.phar" would be valid as well as "bundle.txt...

Exposure Of Sensitive Information To An Unauthorized Actor

silverstripe/userforms is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor. This vulnerability is due to insufficient authorization checks in submission notification emails, potentially enabling an attacker to access sensitive files uploaded through the forms without prope...

PT-2024-40242 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 affected versions not specified Description: The issue arises from Phar files, which can act as self-extracting archives, leading to the execution of source code when invoked. Phar files can be disguised with various file extensions,...

CVE-2024-35239

Umbraco Commerce is an open source dotnet web forms solution. In affected versions an authenticated user that has access to edit Forms may inject unsafe code into Forms components. This issue can be mitigated by configuring TitleAndDescription:AllowUnsafeHtmlRendering after upgrading to one of th...

Umbraco Forms components vulnerable to Stored Cross-site Scripting

Impact Authenticated user that has access to edit Forms may inject unsafe code into Forms components. Patches Issue can be mitigated by configuring TitleAndDescription:AllowUnsafeHtmlRendering after upgrading to patched versions 13.0.1, 12.2.2, 10.5.3, 8.13.13. References...

Cross-site Scripting (XSS)

Overview Umbraco.Forms is an a form creator that's as easy to use. Affected versions of this package are vulnerable to Cross-site Scripting XSS through the TitleAndDescription component. An attacker can inject malicious scripts by submitting crafted input in the forms. Note: This is only...

GHSA-P572-P2RJ-Q5F4 Umbraco Forms components vulnerable to Stored Cross-site Scripting

Impact Authenticated user that has access to edit Forms may inject unsafe code into Forms components. Patches Issue can be mitigated by configuring TitleAndDescription:AllowUnsafeHtmlRendering after upgrading to patched versions 13.0.1, 12.2.2, 10.5.3, 8.13.13. References...

CVE-2024-35239 Stored Cross-site Scripting on Components of Umbraco Forms

Umbraco Commerce is an open source dotnet web forms solution. In affected versions an authenticated user that has access to edit Forms may inject unsafe code into Forms components. This issue can be mitigated by configuring TitleAndDescription:AllowUnsafeHtmlRendering after upgrading to one of th...

CVE-2024-35239 Stored Cross-site Scripting on Components of Umbraco Forms

Umbraco Commerce is an open source dotnet web forms solution. In affected versions an authenticated user that has access to edit Forms may inject unsafe code into Forms components. This issue can be mitigated by configuring TitleAndDescription:AllowUnsafeHtmlRendering after upgrading to one of th...