Joplin Cross-Site Scripting Vulnerability
Joplin is an open source notes and to-do list application. Joplin suffers from a security vulnerability that allows XSS to pass through buttons and forms in the notes body...
An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When the safe_attrs_only and forms arguments are disabled, the Cleaner class does not remove the formaction attribute, allowing JS to bypass the sanitizer. A remote attacker could exploit this flaw to run arbitrary JS code on users who interact with incorrectly sanitized HTML. This issue is patched in lxml 4.6.3.
...
GiveWP < 2.12.0 - Authenticated Stored XSS
The plugin did not escape the Donation Level setting of its Donation Forms, allowing high privilege users to use Cross-Site Scripting payloads in them. PoC Put the following payload in any Donation Level Text field of a Donation Form ie...
Form mode manager - Moderately critical - Access bypass - SA-CONTRIB-2021-023
This module provides a user interface that allows the implementation and use of Form modes without custom development. The module does not sufficiently respect access restrictions to entity forms for routes it creates to use specific form modes. This vulnerability is mitigated by the fact that an...
WordPress Basix NEX-Forms Plugin Authentication Bypass Vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. WordPress plugin Basix NEX-Forms in version 7.8.7 and earlier has an authentication bypass vulnerabilit...
NEX Forms < 7.8.8 - Authentication Bypass for Excel Reports
The plugin was vulnerable to Authentication Bypass for Excel Reports allowing unauthenticated attackers to download Excel reports. http://www.example.com/wp-admin/admin.php?page=nex-forms-dashboard&exportcsv=true...
NEX Forms < 7.8.8 - Authentication Bypass for Excel Reports
The plugin was vulnerable to Authentication Bypass for Excel Reports allowing unauthenticated attackers to download Excel reports. PoC http://www.example.com/wp-admin/admin.php?page=nex-forms-dashboardcsv=true...
NEX Forms < 7.8.8 - Authentication Bypass for PDF Reports
The plugin was vulnerable to Authentication Bypass for PDF Reports allowing unauthenticated attackers to download PDF reports. http://www.example.com/wp-content/uploads/submissionreport.pdf...
NEX Forms < 7.8.8 - Authentication Bypass for PDF Reports
The plugin was vulnerable to Authentication Bypass for PDF Reports allowing unauthenticated attackers to download PDF reports. PoC http://www.example.com/wp-content/uploads/submissionreport.pdf...
CVE-2021-34676
Basix NEX-Forms through 7.8.7 allows authentication bypass for Excel report generation...
CVE-2021-34675
Basix NEX-Forms through 7.8.7 allows authentication bypass for stored PDF reports...
CVE-2021-34675
Basix NEX-Forms through 7.8.7 allows authentication bypass for stored PDF reports...
CVE-2021-34676
Basix NEX-Forms through 7.8.7 allows authentication bypass for Excel report generation...
Authentication flaw
Basix NEX-Forms through 7.8.7 allows authentication bypass for stored PDF reports...
Authentication flaw
Basix NEX-Forms through 7.8.7 allows authentication bypass for Excel report generation...
CVE-2021-34675
Basix NEX-Forms through 7.8.7 allows authentication bypass for stored PDF reports...
CVE-2021-34675
CVE-2021-34675 affects the WordPress Basix NEX-Forms plugin up to version 7.8.7. The vulnerability is an authentication bypass that allows access to stored PDF reports without valid credentials. The issue is documented across multiple sources (NVD, Red Hat, CNVD, WPVulnDB) as an authentication by...
CVE-2021-34676
Basix NEX-Forms through 7.8.7 allows authentication bypass for Excel report generation...
CVE-2021-34676
Summary: CVE-2021-34676 affects Basix NEX-Forms (WordPress plugin) up to version 7.8.7. The underlying issue is an authentication bypass in the Excel report generation feature, enabling unauthenticated users to download Excel reports. The vulnerability is described consistently across multiple so...
WordPress Authorization Issue Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An authorization issue vulnerability exists in the WordPress plugin Basix NEX-Forms 7.8.7 and earlie...