8171 matches found
SQL Injection Vulnerability in Universal Forms Module of Semaphore CMS E-commerce System
Shining CMS is a bilingual e-commerce system with a mobile version, developed in PHP + MySQL; site installation is simple and fast. The Shining CMS e-commerce system has an SQL injection vulnerability that attackers can use to obtain data content and other sensitive information...
Microsoft Xamarin.Forms Spoofing Vulnerability
Microsoft Windows is a series of operating systems released by the American company Microsoft. A spoofing vulnerability exists in Microsoft Xamarin.Forms. The vulnerability stems from a default setting in Android WebView versions prior to 83.0.4103.106. An attacker can exploit the vulnerability t...
download-legal-forms.com Cross Site Scripting vulnerability OBB-1404804
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
boatbillofsaleforms.com Cross Site Scripting vulnerability OBB-1402179
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
CVE-2020-25768
Contao before 4.4.52, 4.9.x before 4.9.6, and 4.10.x before 4.10.1 have Improper Input Validation. It is possible to inject insert tags in front end forms which will be replaced when the page is rendered...
Input validation
Contao before 4.4.52, 4.9.x before 4.9.6, and 4.10.x before 4.10.1 have Improper Input Validation. It is possible to inject insert tags in front end forms which will be replaced when the page is rendered...
CVE-2020-25768
CVE-2020-25768 (Contao) involves improper input validation that allows insertion of insert tags in front-end forms, which are later rendered as part of the page. Affected products/versions include Contao prior to 4.4.52, 4.9.x before 4.9.6, and 4.10.x before 4.10.1. The underlying issue is inject...
Universal Health Services Ransomware Attack Impacts Hospitals Nationwide
A ransomware attack has shut down Universal Health Services, a Fortune-500 owner of a nationwide network of hospitals. The attack occurred in the wee hours of the morning on Monday, according to reports coming in from employees on Reddit and other platforms. On Reddit, a discussion with hundreds ...
Contao Insert tag injection in forms
Impact: It is possible to inject insert tags in front end forms which will be replaced when the page is rendered. Patches: Update to Contao 4.4.52, 4.9.6 or 4.10.1. Workarounds: Disable the front end login form and do not use form fields with array keys such as fieldname. References...
GHSA-F7WM-X4GW-6M23 Contao Insert tag injection in forms
Impact: It is possible to inject insert tags in front end forms which will be replaced when the page is rendered. Patches: Update to Contao 4.4.52, 4.9.6 or 4.10.1. Workarounds: Disable the front end login form and do not use form fields with array keys such as fieldname. References...
Insert tag injection in forms
Date: 2020-09-24. CVE ID: CVE-2020-25768. Description: It is possible to inject insert tags in front end forms which will be replaced when the page is rendered. Affected versions: Contao 4.0, Contao 4.1, Contao 4.2, Contao 4.3, Contao 4.4 up to 4.4.51, Contao 4.5, Contao 4.6, Contao 4.7, Contao 4.8, Contao...
Ninja Forms < 3.4.27.1 - CSRF leading to Arbitrary Plugin Installation
The plugin is affected by a Cross-Site Request Forgery (CSRF) which could allow attackers to make a logged-in administrator install an arbitrary plugin from the WordPress repository. PoC: http://example.com/wp-admin/admin-ajax.php?action=nfservicesinstall=wpscanpath=wpscan/wpscan.php...
Ninja Forms < 3.4.27.1 - CSRF leading to Arbitrary Plugin Installation
The plugin is affected by a Cross-Site Request Forgery (CSRF) which could allow attackers to make a logged-in administrator install an arbitrary plugin from the WordPress repository. http://example.com/wp-admin/admin-ajax.php?action=nfservicesinstall&plugin=wpscan&installpath=wpscan/wpscan.php...
Ninja Forms < 3.4.27.1 - Validation Bypass via Email Field
The plugin did not correctly validate the email address field...
Ninja Forms < 3.4.28 - Stored Cross-Site Scripting
The plugin did not escape HTML content of fields in the submissions table, which could lead to Cross-Site Scripting issues...
DRUPAL-CORE-2020-009
Drupal 8 and 9 have a reflected cross-site scripting (XSS) vulnerability under certain circumstances. An attacker could leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability...
Drupal core - Critical - Cross-site scripting - SA-CORE-2020-009
Drupal 8 and 9 have a reflected cross-site scripting (XSS) vulnerability under certain circumstances. An attacker could leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability...
SAP NetWeaver Application Server Java Cross-Site Scripting Vulnerability
SAP NetWeaver Application Server is an application server from SAP, Germany. A cross-site scripting vulnerability exists in SAP NetWeaver Application Server Java XML Forms versions 7.30, 7.31, 7.40, 7.50, which arises from a lack of proper validation of client-side data in the web application. An...
Malicious Package in motiv.scss
Version 0.4.20 of motiv.scss contained malicious code. The code, when executed in the browser, would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation: Remove the package from your environment and evaluate yo...