8173 matches found
Adobe Acs-aem-commons cross-site scripting vulnerability
Adobe Acs-aem-commons is a Java-based codebase of AEM/CQ code collections generated from AEM by Adobe U.S. Adobe Acs-aem-commons 5.1.x and earlier versions contain a cross-site scripting vulnerability that could be exploited by an attacker to inject malicious JavaScript content into vulnerable fo...
WordPress WPQA - Builder forms Addon plugin < 5.2 - Private Message Disclosure via IDOR vulnerability
Private Message Disclosure via IDOR vulnerability discovered by Veshraj Ghimire in WordPress WPQA - Builder forms Addon plugin versions < 5.2. Solution: Update the WordPress WPQA - Builder forms Addon plugin to the latest available version (at least 5.2)...
DRUPAL-CORE-2022-008
Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter...
Drupal core - Moderately critical - Improper input validation - SA-CORE-2022-008
Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter...
WordPress plugin Caldera Forms cross-site scripting vulnerability
WordPress is a blogging platform developed using the PHP language. A cross-site scripting vulnerability exists in versions of the WordPress plugin Caldera Forms prior to 1.9.7. The vulnerability stems from the plugin's failure to validate and escape cf-api parameters before outputting them back to the...
CVE-2022-0879
The Caldera Forms WordPress plugin before 1.9.7 does not validate and escape the cf-api parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting...
Cross site scripting
The Caldera Forms WordPress plugin before 1.9.7 does not validate and escape the cf-api parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting...
CVE-2022-0879
The CVE-2022-0879 entry concerns the Caldera Forms WordPress plugin prior to version 1.9.7. The vulnerability is a Reflected Cross-Site Scripting (XSS) caused by the plugin not validating and escaping the cf-api parameter before echoing it in responses. Affected component: cf-api handling in Cald...
CVE-2022-0879 Caldera Forms < 1.9.7 - Reflected Cross-Site Scripting
The Caldera Forms WordPress plugin before 1.9.7 does not validate and escape the cf-api parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting...
WordPress plugin Caldera Forms cross-site scripting vulnerability
WordPress is a blogging platform developed using the PHP language. A cross-site scripting vulnerability exists in versions of the WordPress plugin Caldera Forms prior to 1.9.7. The vulnerability stems from the plugin's failure to validate and escape cf-api parameters before outputting them back to the...
PT-2022-13496
Name of the Vulnerable Software and Affected Versions: Caldera Forms WordPress plugin versions prior to 1.9.7. Description: The issue concerns a Reflected Cross-Site Scripting problem. It arises because the cf-api parameter is not properly validated and escaped before being output in the response...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.5 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allow remote attackers to inject arbitrary web script or HTML via a form field's help text to (1) Forms module's form builder, or (2) App Builder module's object form...
Liferay Portal cross-site scripting vulnerability
Liferay Portal is a J2EE-based portal solution from Liferay, Inc. The solution uses technologies such as EJB as well as JMS, and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, and more. A security vulnerability exists in Liferay Portal...
WordPress plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
Hackers Hijack Email Reply Chains on Unpatched Exchange Servers to Spread Malware
A new email phishing campaign has been spotted leveraging the tactic of conversation hijacking to deliver the IcedID info-stealing malware onto infected machines by making use of unpatched and publicly-exposed Microsoft Exchange servers. "The emails use a social engineering technique of...
Caldera Forms < 1.9.7 - Reflected Cross-Site Scripting
The plugin does not validate and escape the cf-api parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting. PoC: The issue is only exploitable when there are no forms created yet...
Caldera Forms < 1.9.7 - Reflected Cross-Site Scripting
The plugin does not validate and escape the cf-api parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting. The issue is only exploitable when there are no forms created yet...
WordPress Caldera Forms plugin <= 1.9.6 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress Caldera Forms plugin versions <= 1.9.6. Solution: Update the WordPress Caldera Forms plugin to the latest available version (at least 1.9.7)...