8183 matches found
PT-2024-30296 · Hubbank · Hubbank
Name of the Vulnerable Software and Affected Versions: HubBank version 1.0.2 Description: The issue is a Cross-site Scripting XSS vulnerability that allows an attacker to send a specially crafted JavaScript payload to registration and profile forms. This payload can be triggered when any...
WordPress plugin Smart Forms 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2024-25362 · Rednao · Rednao Smart Forms
Name of the Vulnerable Software and Affected Versions: RedNao Smart Forms versions 2.6.91 and earlier Description: The issue is related to a Missing Authorization vulnerability in RedNao Smart Forms. Recommendations: For RedNao Smart Forms versions 2.6.91 and earlier, at the moment, there is no...
PT-2024-18411 · WordPress · Smart Forms
Name of the Vulnerable Software and Affected Versions: The Smart Forms WordPress plugin versions prior to 2.6.96 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible because some settings are not properly sanitised an...
WordPress Smart Forms plugin <= 2.6.91 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin Smart Forms versions = 2.6.91...
WordPress Smart Forms Plugin <= 2.6.91 is vulnerable to Broken Access Control
Software Smart Forms Type Plugin Vulnerable versions = 2.6.91 Fixed in 2.6.92 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33593 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 810e0b29d7f7 Credits Dhabaleshwar Das Required...
WordPress ChatBot Conversational Forms plugin <= 1.1.8 - Arbitrary File Download vulnerability
Arbitrary File Download vulnerability discovered by Yudistira Arya Patchstack Alliance in WordPress Plugin Conversational Forms for ChatBot versions = 1.1.8...
WordPress Conversational Forms for ChatBot Plugin <= 1.1.8 is vulnerable to Arbitrary File Download
Software Conversational Forms for ChatBot Type Plugin Vulnerable versions = 1.1.8 Fixed in 1.2.0 OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Download CVE CVE-2024-32729 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID 27e83c0724e4 Credits Yudistira...
Cross-site Scripting (XSS)
keycloak is vulnerable to Cross-site Scripting XSS. The vulnerability is due to allowing arbitrary URLs, including JavaScript URIs javascript:, as SAML Assertion Consumer Service POST Binding URL ACS. Allowing JavaScript URIs in combination with HTML forms results in Cross-site Scripting in the...
Keycloak Cross-site Scripting (XSS) via assertion consumer service URL in SAML POST-binding flow
Keycloak allows arbitrary URLs as SAML Assertion Consumer Service POST Binding URL ACS, including JavaScript URIs javascript:. Allowing JavaScript URIs in combination with HTML forms leads to JavaScript evaluation in the context of the embedding origin on form submission. Acknowledgements: Specia...
CVE-2024-32510
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Loopus WP Cost Estimation & Payment Forms Builder allows Reflected XSS.This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through 10.1.75...
CVE-2024-32527
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jotform Jotform Online Forms allows Stored XSS.This issue affects Jotform Online Forms: from n/a through 1.3.1...
CVE-2024-32130
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Paystack Payment Forms for Paystack allows Stored XSS.This issue affects Payment Forms for Paystack: from n/a through 3.4.1...
CVE-2024-32130 WordPress Payment Forms for Paystack plugin <= 3.4.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Paystack Payment Forms for Paystack allows Stored XSS.This issue affects Payment Forms for Paystack: from n/a through 3.4.1...
CVE-2024-32130 WordPress Payment Forms for Paystack plugin <= 3.4.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Paystack Payment Forms for Paystack allows Stored XSS.This issue affects Payment Forms for Paystack: from n/a through 3.4.1...
CVE-2024-32510 WordPress WP Cost Estimation & Payment Forms Builder plugin <= 10.1.75 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Loopus WP Cost Estimation & Payment Forms Builder allows Reflected XSS.This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through 10.1.75...
CVE-2024-32527 WordPress Jotform Online Forms plugin <= 1.3.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jotform Jotform Online Forms allows Stored XSS.This issue affects Jotform Online Forms: from n/a through 1.3.1...
CVE-2024-32527
CVE-2024-32527 affects the Jotform Online Forms WordPress plugin (versions up to and including 1.3.1). The issue is Stored Cross‑Site Scripting caused by insufficient input sanitization and output escaping in shortcode attributes, exploitable by authenticated users with contributor level access a...
CVE-2023-36505
Improper Input Validation vulnerability in Saturday Drive Ninja Forms Contact Form.This issue affects Ninja Forms Contact Form : from n/a through 3.6.24...
CVE-2023-36505
Improper Input Validation vulnerability in Saturday Drive Ninja Forms Contact Form.This issue affects Ninja Forms Contact Form : from n/a through 3.6.24...