UBUNTU-CVE-2020-13668
Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6...
Foxit PDF Reader and Foxit PDF Editor Buffer Error Vulnerability
Foxit PDF Reader and Foxit PDF Editor are a PDF reader and a PDF editor, respectively, both products of Foxit China. A security vulnerability exists in Foxit PDF Reader and Foxit PDF Editor because memory boundaries are not effectively restricted when handling XFA. An attacker could exploit this vulnerabilit...
PT-2022-12670 · Magnolia · Magnolia
Name of the Vulnerable Software and Affected Versions: Magnolia versions prior to 6.2.3. Description: A Server-Side Template Injection (SSTI) issue in the Registration and Forgotten Password forms allows attackers to execute arbitrary code via a crafted payload entered into the fullname parameter...
Foxit PDF Reader XFA Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
AlmaLinux 8 : libreoffice (ALSA-2020:4628)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2020:4628 advisory. - LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the...
Denial Of Service (DoS)
django is vulnerable to denial of service. An attacker can submit malicious multipart forms, resulting in an infinite loop when parsing files and causing an application crash...
CVE-2022-23833
A flaw was found in Django. The issue occurs when passing certain inputs to multipart forms, resulting in an infinite loop when parsing files...
Django Code Issue Vulnerability
Django is the Django Foundation's open source web application framework written in Python. The framework includes an object-relational mapper, a view system, a template system, etc. A code issue vulnerability exists in Django, which stems from an error in the product's MultiPartParse...
CVE-2022-23601: CSRF token missing in forms
More info at https://symfony.com/cve-2022-23601...
Cross-site Scripting in livehelperchat
Stored XSS attacks exist in the new form creation flow. New forms can be given a title that will render JavaScript...
Mageia: Security Advisory (MGASA-2016-0413)
The remote host is missing an update for the...
Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
Description: Stored XSS is found in ModuleFormsList of formsNew. Use the payload constructor.constructor'alert1' while creating a form, and you will see that the input gets stored; every time the user visits, the payload gets executed. Proof of Concept. Impact: Through this vulnerability, an attacker ...
WordPress Easy Forms for Mailchimp plugin cross-site scripting vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in versions of the Easy Forms for Mailchimp plugin for...
WordPress Easy Forms for Mailchimp Plugin < 6.8.6 XSS Vulnerability
The WordPress plugin...
CVE-2021-24985
The Easy Forms for Mailchimp WordPress plugin before 6.8.6 does not sanitise and escape the fieldname and fieldtype parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues...
Cross site scripting
The Easy Forms for Mailchimp WordPress plugin before 6.8.6 does not sanitise and escape the fieldname and fieldtype parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues...
CVE-2021-24985 Easy Forms for Mailchimp < 6.8.6 - Reflected Cross-Site Scripting
The Easy Forms for Mailchimp WordPress plugin before 6.8.6 does not sanitise and escape the fieldname and fieldtype parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues...
CVE-2021-24985
CVE-2021-24985 affects WordPress plugin Easy Forms for Mailchimp prior to version 6.8.6. The issue arises because field_name and field_type are not sanitized/escaped when echoed back in attributes, enabling Reflected XSS. The Red Hat and CVE records corroborate this description; remediation is to...
CVE-2021-24923 Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue < 3.1.25 - Reflected XSS
The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.25 does not escape the sib-statistics-date parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue...