
8172 matches found

Cvelist
added 2021/08/25 9:16 p.m. | 15 views

CVE-2021-37334

Umbraco Forms version 4.0.0 up to and including 8.7.5 and below are vulnerable to a security flaw that could lead to a remote code execution attack and/or arbitrary file deletion. A vulnerability occurs because validation of the file extension is performed after the file has been stored in a...

AI score 10 | EPSS 0.02744
Exploits 0 | References 2

Veracode
added 2021/08/25 4:36 a.m. | 23 views

Cross-site Request Forgery (CSRF)

joplin is vulnerable to cross-site request forgery. Lack of CSRF checks in various forms allows an authenticated user to unknowingly perform unwanted action on malicious website...

CVSS 8.8 | AI score 3.3 | EPSS 0.00403
Exploits 0 | References 1 | Affected Software 1

CNNVD
added 2021/08/25 12:0 a.m. | 4 views

Umbraco Forms Security Vulnerability

Umbraco Forms is a form builder. A security vulnerability exists in Umbraco Forms versions 4.0.0 through 8.7.5, which can be exploited by an attacker to execute remote code and delete arbitrary files...

CVSS 9.8 | AI score 8.9 | EPSS 0.02744
Exploits 0 | References 2

ATTACKERKB
added 2021/08/24 7:42 a.m. | 2 views

CVE-2021-23431

The package joplin before 2.3.2 are vulnerable to Cross-site Request Forgery (CSRF) due to missing CSRF checks in various forms...

CVSS 8.8 | AI score 5.3 | EPSS 0.00403
Exploits 0 | References 3

OSV
added 2021/08/23 12:15 p.m. | 3 views

CVE-2021-24524

The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.12.0 did not escape the Donation Level setting of its Donation Forms, allowing high privilege users to use Cross-Site Scripting payloads in them...

CVSS 4.8 | AI score 5.8
Exploits 0 | References 1

Cvelist
added 2021/08/23 11:9 a.m. | 16 views

CVE-2021-24524 GiveWP < 2.12.0 - Authenticated Stored XSS

The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.12.0 did not escape the Donation Level setting of its Donation Forms, allowing high privilege users to use Cross-Site Scripting payloads in them...

AI score 5.1 | EPSS 0.00617
Exploits 2 | References 1

CVE
added 2021/08/23 11:9 a.m. | 58 views

CVE-2021-24524

The CVE-2021-24524 vulnerability affects the WordPress GiveWP plugin prior to version 2.12.0. The issue is an authenticated stored XSS in the Donation Level setting of Donation Forms, caused by insufficient escaping, enabling a high-privilege user to inject payloads. Impact is described as cross-...

CVSS 4.8 | AI score 4.8 | EPSS 0.00617
Exploits 2 | References 1 | Affected Software 1

CNVD
added 2021/08/12 12:0 a.m. | 19 views

Foxit Reader and Foxit PhantomPDF Denial of Service Vulnerability

Foxit Reader and Foxit PhantomPDF are both PDF document readers from Foxit, a Chinese company. Foxit Reader and PhantomPDF versions prior to 10.1.4 contain a security vulnerability that could be exploited by an attacker to invoke the stack via a recursive function during the processing of XFA for...

CVSS 5 | AI score 4.2 | EPSS 0.00961
Exploits 0 | Affected Software 2

OSV
added 2021/08/11 10:15 p.m. | 3 views

CVE-2021-38569

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows stack consumption via recursive function calls during the handling of XFA forms or link objects...

CVSS 7.5 | AI score 7.1 | EPSS 0.00961
Exploits 0 | References 1

NVD
added 2021/08/11 10:15 p.m. | 22 views

CVE-2021-38569

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows stack consumption via recursive function calls during the handling of XFA forms or link objects...

CVSS 7.5 | EPSS 0.00961
Exploits 0 | References 1

Prion
added 2021/08/11 10:15 p.m. | 20 views

Design/Logic Flaw

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows stack consumption via recursive function calls during the handling of XFA forms or link objects...

CVSS 5 | AI score 7.5 | EPSS 0.00961
Exploits 0 | References 1 | Affected Software 2

NVD
added 2021/08/11 9:15 p.m. | 19 views

CVE-2020-25562

In SapphireIMS 5.0, there is no CSRF token present in the entire application. This can lead to CSRF vulnerabilities in critical application forms like account resent...

CVSS 6.5 | EPSS 0.00502
Exploits 1 | References 2

Cvelist
added 2021/08/11 9:14 p.m. | 18 views

CVE-2021-38569

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows stack consumption via recursive function calls during the handling of XFA forms or link objects...

AI score 7.8 | EPSS 0.00961
Exploits 0 | References 1

CVE
added 2021/08/11 9:14 p.m. | 62 views

CVE-2021-38569

Foxit Reader and Foxit PhantomPDF are affected by a vulnerability fixed in 10.1.4 or later. The issue allows stack consumption via recursive function calls during handling of XFA forms or linked objects, which could lead to a denial of service. Affected products are Foxit Reader and Foxit Phantom...

CVSS 7.5 | AI score 7.5 | EPSS 0.00961
Exploits 0 | References 1 | Affected Software 2

CNNVD
added 2021/08/11 12:0 a.m. | 4 views

Foxit Reader and Foxit PhantomPDF Security Vulnerability

Foxit Reader and Foxit PhantomPDF are both PDF document readers from Foxit, a Chinese company. Foxit Reader and PhantomPDF versions prior to 10.1.4 contain a security vulnerability that could be exploited by an attacker to invoke the stack via a recursive function during the processing of XFA for...

CVSS 7.5 | AI score 5.6 | EPSS 0.00961
Exploits 0 | References 2

CNNVD
added 2021/08/11 12:0 a.m. | 2 views

Tecknodreams SapphireIMS Cross-Site Request Forgery Vulnerability

Tecknodreams SapphireIMS is an ITIL 2011 certified Enterprise Service Management System from Tecknodreams India. Sapphire IMS 5.0 has a cross-site request forgery vulnerability that stems from the absence of CSRF tokens throughout the application in Sapphire IMS 5.0. This could lead to a CSRF...

CVSS 6.5 | AI score 6.3 | EPSS 0.00502
Exploits 1 | References 2

Prion
added 2021/08/10 11:15 p.m. | 15 views

Cross site request forgery (csrf)

A cross-site request forgery (CSRF) vulnerability in the My SMTP Contact v1.1.1 plugin for GetSimple CMS allows remote attackers to change the SMTP settings of the contact forms for the webpages of the CMS after an authenticated admin visits a malicious third-party site...

CVSS 4.3 | AI score 6.5 | EPSS 0.00557
Exploits 1 | References 1 | Affected Software 1

OSV
added 2021/08/09 10:15 a.m. | 2 views

CVE-2021-24505

The Forms WordPress plugin before 1.12.3 did not sanitise its input fields, leading to Stored Cross-Site Scripting issues. The plugin was vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) vulnerability within the Forms "Add new" field...

CVSS 5.4 | AI score 5.8 | EPSS 0.0062
Exploits 2 | References 1

CVE
added 2021/08/09 10:4 a.m. | 57 views

CVE-2021-24505

The CVE-2021-24505 entry corresponds to a Stored XSS in the WordPress Forms plugin prior to v1.12.3, caused by the plugin failing to sanitise input in the Add New field. The vulnerability is authenticated (requires user login) and stored, with an attacker potentially injecting script that could e...

CVSS 5.4 | AI score 5.2 | EPSS 0.0062
Exploits 2 | References 1 | Affected Software 1

CNNVD
added 2021/08/09 12:0 a.m. | 3 views

WordPress Cross-Site Scripting Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports personal blog sites on servers running PHP and MySQL. A security vulnerability exists in the WordPress plugin Forms before 1.12.3, which stems from the form's "Ad...

CVSS 5.4 | AI score 5.8 | EPSS 0.0062
Exploits 2 | References 1