8173 matches found
PT-2023-3359 · Apache +1 · Apache Struts +1
Name of the Vulnerable Software and Affected Versions: Apache Struts versions through 2.5.30; Apache Struts versions through 6.1.2. Description: The issue is related to the allocation of resources without limits or throttling, which can lead to a denial of service via out of memory (OOM) due to no...
CVE-2023-1323 Easy Forms for MailChimp < 6.8.9 - Admin+ Stored XSS
The Easy Forms for Mailchimp WordPress plugin before 6.8.9 does not sanitise and escape some of its form parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite...
CVE-2023-1323
The CVE-2023-1323 entry concerns the WordPress plugin Easy Forms for Mailchimp, affected in versions prior to 6.8.9. The vulnerability is a Stored Cross-Site Scripting (XSS) flaw caused by insufficient sanitisation/escaping of certain form parameters, enabling high-privilege users (e.g., admins) ...
CVE-2023-35053
In JetBrains YouTrack before 2023.1.10518 a DoS attack was possible via Helpdesk forms...
Design/Logic Flaw
In JetBrains YouTrack before 2023.1.10518 a DoS attack was possible via Helpdesk forms...
CVE-2023-35053
CVE-2023-35053 affects JetBrains YouTrack prior to version 2023.1.10518. The issue allows a denial-of-service via Helpdesk forms, impacting availability (the CVSS v3.1 vector indicates network attack with low complexity, no privileges required, and high availability impact). Remediation per the r...
WordPress plugin NEX-Forms cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...
PT-2023-16895 · WordPress · Easy Forms For Mailchimp
Name of the Vulnerable Software and Affected Versions: Easy Forms for Mailchimp WordPress plugin versions prior to 6.8.9. Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible because the plugin does not properly saniti...
CVE-2023-22583
The Danfoss AK-EM100 web forms allow for SQL injection in the login forms...
SQL injection
The Danfoss AK-EM100 web forms allow for SQL injection in the login forms...
CVE-2023-22583 SQL Injection in Danfoss AK-EM100
The Danfoss AK-EM100 web forms allow for SQL injection in the login forms...
CVE-2023-22583
CVE-2023-22583 affects the Danfoss AK-EM100 web-forms login functionality. The issue is an SQL injection vulnerability in the login forms, enabling potential unauthorized data access or manipulation. The core details across connected documents confirm the affected software (Danfoss AK-EM100 web i...
PT-2023-18568 · Danfoss · Danfoss Ak-Em100
Name of the Vulnerable Software and Affected Versions: Danfoss AK-EM100 (affected versions not specified). Description: The issue concerns SQL injection in the login forms of the web interface. This allows for potential unauthorized access or manipulation of data. No information is provided about th...
CVE-2021-4367
The Flo Forms – Easy Drag & Drop Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Options Change by using the flo_import_forms_options AJAX action in versions up to, and including, 1.0.35 due to insufficient input sanitization and output escaping along with missing...
CVE-2020-36720
The Kali Forms plugin for WordPress is vulnerable to Authenticated Options Change in versions up to, and including, 2.1.1. This is due to the update_option lacking proper authentication checks. This makes it possible for any authenticated attacker to change or delete the plugin's settings...