Rocketgenius Gravity Forms Cross-Site Scripting Vulnerability

Rocketgenius Gravity Forms is a software solution from the Rocketgenius team. A cross-site scripting vulnerability in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via the textarea field...

WordPress Ultimate Member Plugin <= 2.1.12 Deprecated UM Forms Field Vulnerability

The WordPress plugin Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

rails_admin ruby gem XSS vulnerability

RailsAdmin aka railsadmin before 1.4.3 and 2.x before 2.0.2 allows XSS via nested forms...

GHSA-WJX2-7HQQ-8H7M rails_admin ruby gem XSS vulnerability

RailsAdmin aka railsadmin before 1.4.3 and 2.x before 2.0.2 allows XSS via nested forms...

CVE-2021-3138

In Discourse 2.7.0 through beta1, a rate-limit bypass leads to a bypass of the 2FA requirement for certain forms...

Umbrella_android - Digital And Physical Security Advice App

Umbrella is an Android mobile app developed by Security First that provides human rights defenders with the information on what to do in any given security situation and the tools to do it. It allows the user to choose what they want to do, such as: protect data; securely make a call/email;...

Critical WordPress-Plugin Bug Found in 'Orbit Fox' Allows Site Takeover

Two vulnerabilities one critical in a WordPress plugin called Orbit Fox could allow attackers to inject malicious code into vulnerable websites and/or take control of a website. Orbit Fox is a multi-featured WordPress plugin that works with the Elementor, Beaver Builder and Gutenberg site-buildin...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via nested forms. Details Cross-site scripting or XSS is a code vulnerability that occurs when an attacker “injects” a malicious script into an otherwise trusted website. The injected script gets downloaded and...

Cross-Site Scripting (XSS)

railsadmin is vulnerable to cross-site scripting XSS. A remote attacker is able to inject and execute arbitrary Javascript in a user's browser via nested forms...

CVE-2020-36190

RailsAdmin aka railsadmin before 1.4.3 and 2.x before 2.0.2 allows XSS via nested forms...

Design/Logic Flaw

RailsAdmin aka railsadmin before 1.4.3 and 2.x before 2.0.2 allows XSS via nested forms...

CVE-2020-36190

The CVE-2020-36190 case affects the RailsAdmin (rails_admin) gem prior to 1.4.3 and 2.x prior to 2.0.2, exposing a cross-site scripting (XSS) vulnerability via nested forms. Root cause is unvalidated input in nested form handling, enabling injected scripts to be rendered in the browser. The impac...

CVE-2020-36190

RailsAdmin aka railsadmin before 1.4.3 and 2.x before 2.0.2 allows XSS via nested forms...

CVE-2020-36175

The Ninja Forms plugin before 3.4.27.1 for WordPress allows attackers to bypass validation via the email field...

CVE-2020-36174

The Ninja Forms plugin before 3.4.27.1 for WordPress allows CSRF via services integration...

CVE-2020-36173

The Ninja Forms plugin before 3.4.28 for WordPress lacks escaping for submissions-table fields...

CVE-2020-36175

The Ninja Forms plugin before 3.4.27.1 for WordPress allows attackers to bypass validation via the email field...

CVE-2020-36173

The Ninja Forms plugin before 3.4.28 for WordPress lacks escaping for submissions-table fields...

CVE-2020-36174

The Ninja Forms plugin before 3.4.27.1 for WordPress allows CSRF via services integration...

CVE-2020-36175

The Ninja Forms plugin before 3.4.27.1 for WordPress allows attackers to bypass validation via the email field...