golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm
A flaw was discovered in Go's net/http standard library package. When parsing a multipart form either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile, limits on the total size of the parsed form were not applied to the...
WordPress MailerLite – Signup forms (official) plugin <= 1.7.6 - Missing Authorization vulnerability
Missing Authorization vulnerability discovered by Krzysztof Zając in WordPress Plugin MailerLite versions <= 1.7.6...
WordPress MailerLite – Signup forms Plugin <= 1.7.6 is vulnerable to Cross Site Scripting (XSS)
Software: MailerLite – Signup forms | Type: Plugin | Vulnerable versions: <= 1.7.6 | Fixed in: 1.7.7 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-1386 | Patch priority: Low | CVSS severity: Low 6.5 | PSID: cf12af72ac5b | Credits: Richard Tellen...
WordPress MailerLite – Signup forms Plugin <= 1.7.6 is vulnerable to Broken Access Control
Software: MailerLite – Signup forms | Type: Plugin | Vulnerable versions: <= 1.7.6 | Fixed in: 1.7.7 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-2797 | Patch priority: Low | CVSS severity: Low 5.3 | PSID: d779eba11e1c | Credits: Krzysztof Zając...
PT-2024-4456 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.20 and earlier Description: The issue is related to insufficient protection of the web page structure, which can be exploited by a remote attacker to execute arbitrary code. A stored Cross-Site Scripting...
CVE-2024-4310
HubBank 1.0.2 is affected by a Cross-site Scripting (XSS) vulnerability in registration and profile forms due to insufficient input filtering/escaping. An attacker can deliver a crafted JavaScript payload that executes when an authenticated user loads the page, enabling session takeover. Affected...
WordPress Smart Forms plugin < 2.6.96 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Smart Forms versions < 2.6.96...
CVE-2024-33593
Missing Authorization vulnerability in RedNao Smart Forms. This issue affects Smart Forms: from n/a through 2.6.91...
CVE-2024-33593
CVE-2024-33593: Missing Authorization vulnerability in RedNao Smart Forms affecting Smart Forms up to version 2.6.91. Connected Red Hat entry confirms the issue description; no publicly documented exploitation details, impact specifics, or remediation in the provided documents. The known issue is...
CVE-2024-33593 WordPress Smart Forms plugin <= 2.6.91 - Broken Access Control vulnerability
Missing Authorization vulnerability in RedNao Smart Forms. This issue affects Smart Forms: from n/a through 2.6.91...
CVE-2024-1905
The Smart Forms WordPress plugin before 2.6.96 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2024-1905 Smart Forms < 2.6.96 - Admin+ Stored XSS
The Smart Forms WordPress plugin before 2.6.96 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
WordPress Smart Forms Plugin < 2.6.96 is vulnerable to Cross Site Scripting (XSS)
Software: Smart Forms | Type: Plugin | Vulnerable versions: < 2.6.96 | Fixed in: 2.6.96 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-1905 | Patch priority: Low | CVSS severity: Low 5.9 | PSID: f2ffffc8c85a | Credits: Bob Matyas | Required privileg...
RomethemeForm For Elementor < 1.1.3 - Missing Authorization
Description The RomethemeForm For Elementor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in versions up to, and including, 1.1.2. This makes it possible for unauthenticated attackers to modify forms...
MailerLite – Signup forms (official) < 1.7.7 - Missing Authorization
Description: The MailerLite – Signup forms (official) plugin for WordPress is vulnerable to unauthorized plugin setting changes due to a missing capability check on the toggleRolesAndPermissions and editAllowedRolesAndPermissions functions in all versions up to, and including, 1.7.6. This makes it...
WordPress plugin Smart Forms security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
HubBank cross-site scripting vulnerability
HubBank is an app from HubBank, Inc. A cross-site scripting vulnerability exists in HubBank version 1.0.2, which stems from the lack of effective filtering and escaping of user-supplied data on registration and profile forms, and can be exploited by an attacker to execute arbitrary web script or...