CVE-2022-44631 WordPress 1app Business Forms Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)
Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in 1app Technologies, Inc 1app Business Forms plugin <= 1.0.0 versions...
WordPress Plugin 1app Business Forms Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...
PT-2023-14523 · Unknown · 1App Business Forms
Name of the Vulnerable Software and Affected Versions: 1app Business Forms plugin versions prior to 1.0.0. Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication, specifically with author or higher privileges. This vulnerability affects th...
US Facebook users can now claim Cambridge Analytica settlement cash
US-based Facebook users can now claim a piece of the enormous settlement payment by Meta, Facebook's parent company, over the Cambridge Analytica scandal. This news follows Meta agreeing to pay $725 million in December 2022 to settle the longstanding class action lawsuit filed by Lauren Price in...
ActiveCampaign < 8.1.12 - Contributor+ Stored XSS
The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. As a contributor, add an "AC Forms" Gutenberg block to a...
CVE-2023-21993
Vulnerability in the Oracle Clinical Remote Data Capture product of Oracle Health Sciences Applications component: Forms. The supported version that is affected is 5.4.0.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Clinical...
CVE-2023-21993
CVE-2023-21993 affects Oracle Clinical Remote Data Capture (Oracle Health Sciences Applications), component Forms, with vulnerable version 5.4.0.2. The issue is a network-accessible, low-privilege flaw that can lead to unauthorized data access (CVSS v3.1 base score 6.5, Confidentiality impact). P...
CVE-2023-1325
The Easy Forms for Mailchimp WordPress plugin before 6.8.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting atta...
Cross site scripting
The Easy Forms for Mailchimp WordPress plugin before 6.8.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting atta...
CVE-2023-1325 Easy Forms for MailChimp < 6.8.7 - Contributor+ Stored XSS
The Easy Forms for Mailchimp WordPress plugin before 6.8.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting atta...
CVE-2023-1325
The CVE-2023-1325 issue affects the WordPress plugin Easy Forms for Mailchimp, with versions before 6.8.7. The root cause is insufficient validation and escaping of shortcode attributes, which are echoed back into pages/posts, enabling Stored XSS for users with contributor privileges and above. T...
NEX-Forms < 8.4 - Admin+ SQL Injection
The plugin does not properly escape the table parameter, which is populated with user input, before concatenating it to an SQL query. POST /wp-admin/admin-ajax.php HTTP/1.1 Deleted Headers action=nfupdaterecord&table=Injection Point&editId=1&plugin=shared&title=exploit%60&formfields=/Deleted...
WordPress Easy Forms for Mailchimp Plugin < 6.8.7 is vulnerable to Cross Site Scripting (XSS)
Software: Easy Forms for Mailchimp; Type: Plugin; Vulnerable versions: < 6.8.7; Fixed in: 6.8.7; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-1325; Patch priority: Medium; CVSS severity: Medium (6.5); PSID: bd41da1d02a4; Credits: Erwan LR...
WordPress Easy Forms for Mailchimp Plugin < 6.8.8 is vulnerable to Cross Site Scripting (XSS)
Software: Easy Forms for Mailchimp; Type: Plugin; Vulnerable versions: < 6.8.8; Fixed in: 6.8.8; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-1324; Patch priority: High; CVSS severity: High (7.1); PSID: c14e208dddfc; Credits: Erwan LR WPScan...
Jenkins Plugin Report Portal Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
CVE-2023-1903
SAP HCM Fiori App My Forms Fiori 2.0 - version 605, does not perform necessary authorization checks for an authenticated user exposing the restricted header data...
CVE-2023-1903
CVE-2023-1903 affects SAP HCM Fiori App My Forms (Fiori 2.0) version 605. The underlying issue is missing authorization checks for an authenticated user, which can expose restricted header data. Sources consistently describe the affected software and the root cause as a lack of proper access cont...
CVE-2023-1903 Missing Authorization check in SAP HCM Fiori App My Forms (Fiori 2.0)
SAP HCM Fiori App My Forms Fiori 2.0 - version 605, does not perform necessary authorization checks for an authenticated user exposing the restricted header data...
CVE-2023-28789
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin = 1.5.4 versions...