Lucene search

8173 matches found

SUSE CVE
added 2023/02/15 5:30 a.m. | views: 1

SUSE CVE-2014-1727

Use-after-free vulnerability in content/renderer/rendererwebcolorchooserimpl.h in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to forms...

CVSS 7.5 | AI score 9.6 | EPSS 0.01358
Exploits: 1 | References: 3
SUSE CVE
added 2023/02/15 5:10 a.m. | views: 2

SUSE CVE-2015-8980

The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code...

CVSS 9.8 | AI score 9.8 | EPSS 0.06711
Exploits: 1 | References: 4
SUSE CVE
added 2023/02/15 4:59 a.m. | views: 2

SUSE CVE-2016-6175

Eval injection vulnerability in php-gettext 1.0.12 and earlier allows remote attackers to execute arbitrary PHP code via a crafted plural forms header...

CVSS 9.8 | AI score 8.1 | EPSS 0.1966
Exploits: 4 | References: 3
SUSE CVE
added 2023/02/15 4:56 a.m. | views: 2

SUSE CVE-2016-9275

Heap-based buffer overflow in the dwarfskimforms function in libdwarf/dwarfmacro5.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read)...

CVSS 7.5 | AI score 7.2 | EPSS 0.04224
Exploits: 0 | References: 3
SUSE CVE
added 2023/02/15 4:08 a.m. | views: 4

SUSE CVE-2019-16545

Jenkins QMetry for JIRA - Test Management Plugin transmits credentials in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure...

CVSS 6.5 | AI score 6.6 | EPSS 0.00541
Exploits: 0 | References: 3
SUSE CVE
added 2023/02/15 3:58 a.m. | views: 2

SUSE CVE-2020-12803

ODF documents can contain forms to be filled out by the user. Similar to HTML forms, the contained form data can be submitted to a URI, for example, to an external web server. To create submittable forms, ODF implements the XForms W3C standard, which allows data to be submitted without the need f...

CVSS 6.6 | AI score 6.2 | EPSS 0.01712
Exploits: 0 | References: 8
SUSE CVE
added 2023/02/15 3:43 a.m. | views: 2

SUSE CVE-2021-28957

An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safe_attrs_only and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run...

CVSS 6.1 | AI score 7.8 | EPSS 0.04002
Exploits: 1 | References: 26
SUSE CVE
added 2023/02/15 3:30 a.m. | views: 1

SUSE CVE-2022-4181

Use after free in Forms in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 | AI score 8.9 | EPSS 0.00667
Exploits: 0 | References: 4
OSV
added 2023/02/13 8:15 p.m. | views: 1

CVE-2023-25717

Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?loginusername=admin&password=password$curl substring...

CVSS 9.8 | AI score 7.7 | EPSS 0.95107
Exploits: 1 | References: 3
Prion
added 2023/02/13 5:15 p.m. | views: 17

Cross site request forgery (csrf)

Cross-Site Request Forgery (CSRF) in OptinlyHQ Optinly – Exit Intent, Newsletter Popups, Gamification & Opt-in Forms plugin = 1.0.15 versions...

CVSS 6.8 | AI score 8.8 | EPSS 0.0028
Exploits: 0 | References: 1 | Affected Software: 1
OSV
added 2023/02/13 3:15 p.m. | views: 2

CVE-2023-0169

The Zoho Forms WordPress plugin before 3.0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVSS 5.4 | AI score 6.1 | EPSS 0.01648
Exploits: 2 | References: 1
NVD
added 2023/02/13 3:15 p.m. | views: 28

CVE-2023-0169

The Zoho Forms WordPress plugin before 3.0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVSS 5.4 | AI score 5.3 | EPSS 0.01648
Exploits: 2 | References: 1
Vulnrichment
added 2023/02/13 2:32 p.m. | views: 8

CVE-2023-0169 Zoho Forms < 3.0.1 - Contributor+ Stored XSS

The Zoho Forms WordPress plugin before 3.0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

AI score 5.3 | EPSS 0.01648
Exploits: 2 | References: 1
Cvelist
added 2023/02/13 2:32 p.m. | views: 24

CVE-2023-0169 Zoho Forms < 3.0.1 - Contributor+ Stored XSS

The Zoho Forms WordPress plugin before 3.0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

AI score 5.5 | EPSS 0.01648
Exploits: 2 | References: 1
CVE
added 2023/02/13 2:32 p.m. | views: 60

CVE-2023-0169

CVE-2023-0169 pertains to the Zoho Forms WordPress plugin prior to version 3.0.1. The vulnerability arises because certain shortcode attributes are not validated or escaped before being echoed in the page, enabling stored XSS for users with the contributor role or higher. The issue is mitigated b...

CVSS 5.4 | AI score 5.3 | EPSS 0.01648
Exploits: 2 | References: 1 | Affected Software: 1
CNNVD
added 2023/02/13 12:00 a.m. | views: 3

WordPress plugin Zoho Forms cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVSS 5.4 | AI score 5.4 | EPSS 0.01648
Exploits: 2 | References: 2
Positive Technologies
added 2023/02/13 12:00 a.m. | views: 2

PT-2023-2627 · Ruckus Wireless · Ruckus Wireless Admin

Name of the Vulnerable Software and Affected Versions: Ruckus Wireless Admin versions prior to 10.4
Description: The issue concerns a Remote Code Execution vulnerability in Ruckus Wireless Admin, allowing an unauthenticated attacker to execute arbitrary code via an HTTP GET request. This can be...

CVSS 9.8 | AI score 10 | EPSS 0.95107
Exploits: 1 | References: 21
Tenable Nessus
added 2023/02/10 12:00 a.m. | views: 143

Microsoft Edge (Chromium) < 108.0.1462.42 Multiple Vulnerabilities

The version of Microsoft Edge installed on the remote Windows host is prior to 108.0.1462.42. It is, therefore, affected by multiple vulnerabilities as referenced in the December 5, 2022 advisory.
- Type confusion in V8 in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to...

CVSS 8.8 | AI score 7.4 | EPSS 0.23918
Exploits: 3 | References: 49
Patchstack
added 2023/02/06 12:00 a.m. | views: 5

WordPress WordPress Form Builder Plugin – Gutenberg Forms Plugin <= 2.2.8.3 is vulnerable to Broken Access Control

Software: WordPress Form Builder Plugin – Gutenberg Forms
Type: Plugin
Vulnerable versions: <= 2.2.8.3
Fixed in: 2.2.9
OWASP Top 10: A5: Broken Access Control
Classification: Broken Access Control
CVE: CVE-2022-45803
Patch priority: Medium
CVSS severity: Medium 6.5
PSID: 4cd389bac6...

CVSS 8.8 | AI score 6.5 | EPSS 0.00486
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2023/02/03 12:00 a.m. | views: 12

WordPress Formidable Forms Plugin <= 5.5.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Formidable Forms
Type: Plugin
Vulnerable versions: <= 5.5.4
Fixed in: 5.5.5
OWASP Top 10: A5: Broken Access Control
Classification: Cross Site Request Forgery (CSRF)
CVE: CVE-2022-45806
Patch priority: Low
CVSS severity: Low 4.3
PSID: 8708888535f1
Credits: István Márton...

AI score 6.6 | EPSS 0.00502
Exploits: 0 | References: 2 | Affected Software: 1