8171 matches found
CVE-2021-32697
The CVE-2021-32697 issue affects the Neos Form framework (neos/forms) where a crafted GET request with a valid form state can submit a form without triggering validators. The form state is protected by an HMAC that is still verified, so exploitation requires that Form Finishers may run actions ev...
CVE-2021-32697 Form validation can be skipped
neos/forms is an open source framework to build web forms. By crafting a special GET request containing a valid form state, a form can be submitted without invoking any validators. Form state is secured with an HMAC that is still verified. That means that this issue can only be exploited if Form...
Neos/forms Input Validation Error Vulnerability
Neos/forms is an open source framework for building web forms. A security vulnerability exists in Neos/forms where the program can submit a form without invoking any validator by creating a special "GET" request that contains valid form state...
WP Fluent Forms < 3.6.67 - Cross-Site Request Forgery (CSRF)
The WP Fluent Forms WordPress plugin was vulnerable to a Cross-Site Request Forgery (CSRF) vulnerability that could lead to Stored Cross-Site Scripting (XSS)...
PT-2021-14710 · Jenkins · Jenkins Scriptler Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Scriptler Plugin versions 3.2 and earlier. Description: The issue results in a stored cross-site scripting (XSS) vulnerability. This is due to the plugin not escaping parameter names shown in job configuration forms. Attackers with...
browser-forms (>=0.0.1 <=0.0.2), express-stormpath (>=0.1.0 <=0.5.8) +4 more potentially affected by CVE-2021-23388 via forms (>=0.1.0 <=1.1.4)
forms NPM version =0.1.0, =0.0.1, =0.1.0, =0.0.1, =1.0.0, =0.3.1, =0.0.1, =0.1.1 Source cves: CVE-2021-23388 Source advisory: OSV:GHSA-C56F-GRV3-GPFR...
GHSA-C56F-GRV3-GPFR Regular expression denial of service in forms
The package forms before 1.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via email validation...
Regular expression denial of service in forms
The package forms before 1.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via email validation...
CVE-2021-23388
The package forms before 1.2.1, from 1.3.0 and before 1.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via email validation...
Input validation
The package forms before 1.2.1, from 1.3.0 and before 1.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via email validation...
Forms Input Validation Error Vulnerability
caolan forms is a simple open source program for creating, parsing and validating forms. An input validation error vulnerability exists in Forms that originates. An attacker could use this vulnerability to launch a Regular Expression Denial of Service (ReDoS) attack during email validation. The...
CVE-2021-23388 Regular Expression Denial of Service (ReDoS)
The package forms before 1.2.1, from 1.3.0 and before 1.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via email validation...
CVE-2021-23388
The CVE-2021-23388 entry concerns the caolan/forms library and its email validation regex. Affected versions are before 1.2.1 and 1.3.0 through 1.3.2, where an insecure regular expression can cause a Regular Expression Denial of Service (ReDoS), potentially consuming significant CPU and slowing o...
Regular Expression Denial of Service (ReDoS)
Overview: forms is a library that allows you to create, parse, and validate forms. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via email validation. Details: Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessib...
justy-entity (>=1.0.0 <=1.3.7) potentially affected by CVE-2021-23388 via forms (=1.1.4)
forms NPM version =1.1.4 is affected by a known vulnerability. The following packages have a transitive dependency on forms and may be impacted: - justy-entity =1.0.0, =1.3.7 Source cves: CVE-2021-23388 Source advisory: SNYK:JS-FORMS-1296389...
CVE-2021-24282
In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, any authenticated user, such as a subscriber, could use the various AJAX actions in the plugin to do a variety of things. For example, an attacker could use wpcf7rresetsettings to reset the plugin’s settings, wpcf7raddaction to...
The vulnerability of the XML syntax analyzer in the Apache PDFBox Java library allows attackers to perform XXE attacks.
The vulnerability of the XML syntax analyzer in the Apache PDFBox Java library is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability allows a malicious actor to perform XXE attacks using a specially created XFDF file...
Foxit Reader Code Execution Vulnerability (CNVD-2021-38099)
Foxit Reader (old name: Foxit PDF Reader) is software for reading PDF files, developed by Fujian Foxit Software. Foxit Reader is free to use; its operating system support is mainly based on Microsoft Windows, and as long as there is a Win32 implementation of the...
Foxit Reader Code Execution Vulnerability (CNVD-2021-38097)
Foxit Reader (old name: Foxit PDF Reader) is software for reading PDF files, developed by Fujian Foxit Software. Foxit Reader is free to use; its operating system support is mainly based on Microsoft Windows, and as long as there is a Win32 implementation of the...